This repository contains notes, labs, operations guides, and the certificate of completion for the Intro to DFIR: Divide & Conquer course by SleuthKitLabs.
The course focuses on digital forensics fundamentals, evidence handling, timeline analysis, and incident response using SleuthKit and related tools.
- 📄 01-introduction.md – Introduction to DFIR
- 📄 02-target-research-osint.md – OSINT for target research
- 📄 03-pretexting-and-lure-design.md – Pretexting & lure design
- 📄 04-delivery-infrastructure.md – Delivery infrastructure setup
- 📄 05-delivery-techniques.md – Delivery techniques
- 📄 06-opsec-foundations.md – OPSEC foundations
- 📄 07-evasion-techniques.md – Evasion techniques
- 📄 08-tracking-and-analytics.md – Tracking & analytics
- 📄 09-red-team-phishing-lifecycle.md – Red team phishing lifecycle
- 📄 10-reporting-and-lessons-learned.md – Reporting & lessons learned

- ⚙️ 01-evidence-handling.md – Evidence handling procedures
- ⚙️ 02-filesystem-analysis.md – Filesystem analysis
- ⚙️ 03-artifact-processing.md – Artifact processing
- ⚙️ 04-timeline-construction.md – Timeline construction
- ⚙️ 05-keyword-and-pattern-search.md – Keyword & pattern search
- ⚙️ 06-correlation-and-triangulation.md – Correlation & triangulation
- ⚙️ 07-reporting-structure.md – Reporting structure

- 🔍 lab1-osint-basics.md – OSINT basics
- 🔍 lab2-evidence-preservation.md – Evidence preservation
- 🔍 lab3-timeline-analysis.md – Timeline analysis
- 🔍 lab4-log-analysis.md – Log analysis
- 🔍 lab5-network-forensics.md – Network forensics
- 🔍 lab6-malware-analysis.md – Malware analysis basics
- 🔍 lab7-incident-response-scenario.md – Incident response scenario

- 📘 index.md – Main documentation index
- 📘 glossary.md – DFIR glossary
- 📘 references.md – References & resources
- 📘 roadmap.md – Learning roadmap
- 📘 syllabus.md – Course syllabus

- 🎯 cheat-sheets.md – DFIR cheat sheets
- 🎯 dataset-samples.md – Sample datasets
- 🎯 methodology-overview.md – Methodology overview
- 🎯 tooling-guide.md – Tooling guide

| Step | Screenshot |
|---|---|
| 🏫 Course Introduction | ![]() |
| 🛣️ Learning Path | ![]() |
🎓 Nguyen Vu Thanh Danh - 2025-12-05.pdf
This course provided me with a strong foundation in Digital Forensics and Incident Response.
The hands-on labs with SleuthKit tools gave practical experience in disk analysis, evidence preservation, and timeline reconstruction.
I particularly appreciated the real-world incident response scenarios, which helped me understand the structured approach to forensic investigations.
Overall, this program is excellent for anyone looking to build solid DFIR skills using open-source tools.
Nguyễn Vũ Thành Danh – Red Team Learner & Security Researcher
- GitHub: @ngvuthdanhh
- Email: ngvu.thdanh@gmail.com
This project is licensed under the terms of the MIT License.
See LICENSE for full details.
© 2025 ngvuthdanhh. All rights reserved.

