Instructor: Hal Pomeranz
Course Length: 16 Hours
Format: Live Online or On-Demand
Includes: 12 months of complimentary access to the Antisyphon Cyber Range, certificate of participation, six months access to class recordings.

Course Description
Linux is everywhere– running in the cloud, on cell phones, and in embedded devices that make up the “Internet of Things”. Often neglected by their owners, vulnerable Linux systems are low-hanging fruit for attackers wishing to create powerful botnets or mine cryptocurrencies. Ransomware type attacks may target Linux-based database systems and other important infrastructure.
As attacks against Linux become more and more common, there is an increasing demand for skilled Linux investigators. But even experienced forensics professionals may lack sufficient background to properly conduct Linux investigations. Linux is its own particular religion and requires dedicated study and practice to become comfortable.
This 16-hour, hands-on course is a quick start into the world of Linux forensics. Learn how to use memory forensics to rapidly triage systems and spot attacker malware and rootkits. Learn where the most critical on-disk artifacts live and how they can help further an investigation. Rapidly process Linux logs and build a clearer picture of what happened on the system.
Key Takeaways
- Acquiring and analyzing Linux memory
- Accessing complex Linux disk geometries
- Rapid triage for key Linux artifacts
- Linux log analysis
Who Should Take This Course
- Experienced forensic professionals wanting to expand their Linux knowledge
- SOC analysts needing a stronger grounding in Linux
- Administrators/developers defending Linux infrastructures
Audience Skill Level
This course is an introduction to Linux forensics, but not an introduction to forensics. The course assumes at least some knowledge of digital forensic methods, such as evidence acquisition. This course is heavily command-line driven, so basic familiarity with the Linux command-line is helpful.
Student Requirements
- High-speed Internet access
- A BitTorrent client for downloading course materials (e.g., Transmission https://transmissionbt.com/download/)
- A computer with at least 150GB of free space and capable of running a 64-bit VMware virtual machine using 4GB of RAM
What Each Student Should Bring
A properly configured computer and natural curiosity!
About Antisyphon Training Options
Live Online
Learn via live stream from instructors that are in the field utilizing the techniques they teach. Classes are split into four training days that are each four hours long. Live Online training includes six months access to dedicated class channels in the Antisyphon Discord server, six months access to live class recordings, a certificate of participation, and 12 months complimentary access to the Antisyphon Cyber Range.
On-Demand
Learn at your own pace with access to course content, lectures, and demos in the Antisyphon On-demand learning platform. Most courses are offered with lifetime access to the course and content updates. All On-demand courses include content update alerts, access to dedicated support channels in the Antisyphon Discord server, a certificate of participation, and 12 months complimentary access to the Antisyphon Cyber Range.
Live Online w/ On-Demand Bundle
This is the best of both worlds! Attend the live online class at its next scheduled interval and gain access to the online training modules in the Antisyphon On-demand training platform. Bundle also includes six months access to dedicated class channels in the Antisyphon Discord server, six months access to live class recordings, a certificate of participation, and 12 months complimentary access to the Antisyphon Cyber Range.
Trainer & Author

Hal Pomeranz is an independent digital forensic investigator who has consulted on cases ranging from intellectual property theft, to employee sabotage, to organized cybercrime and malicious software infrastructures. He has spent more than thirty years providing pragmatic Information Technology and Security solutions for some of the world’s largest commercial, government, and academic institutions.
Live Training Events
There are no sessions of this course currently on our schedule.
Please keep an eye on the Live Training Calendar page for updates, or Contact Us for a private training session.