KeyW is now part of Jacobs. Learn more about this exciting combination.

Digital Forensics & Analysis (DFA)

Upcoming Courses

October 21 – November 1, 2019

Cost (single seat): $10,000

Course Length: 10 Days

Recommended for: Intermediate Students

Additional group and government discounts available. Contact Parrot Labs for more information!


What will you get out of DFA?

Students will gain in-depth digital forensics knowledge of the inner workings of Windows 7 and malware analysis while preparing to become proficient cyber mission malware hunters and defenders.

What does DFA offer?

    • Textbook and lab manual to accompany instruction
    • Access to a personal sandboxed network, allowing students to learn at their own pace
    • Realistic network including rootkits and malware for analysis, and routing and servers set up to perform the malware delivery chain

Why should you enroll in DFA?

Learn about the inner workings of Windows 7 as it relates to live forensics and malware analysis.

    • Investigate real malware, including TDL4, Spybot, and Metasploit backdoors
    • Learn how to perform memory forensics to find malware that bypasses antivirus solutions
    • Discover how reading network traffic assists with finding artifacts and identifying malicious behavior

Malware Delivery Chain

What topics are covered in DFA?


  • Learn about the Sysinternals Suite and native tools (netstat, tasklist, etc.)
  • Begin PowerShell scripting to automate process analysis
  • Locate running malware and discover persistence vectors


  • Search for forensic artifacts and perform a timeline analysis
  • Copy a hard drive using open-source tools


  • Analyze the following artifacts
    • Prefetch files
    • Volume Shadow Copy Service
    • Interesting registry keys
    • Shellbags


  • Become a more proficient cyber mission defender by running malware executables
  • Create signatures for malware executables as Indicators of Compromise (IOC) and check other systems on the network for these IOCs


  • Detect antivirus tools and intrusion detection systems
  • Learn techniques for sustaining access


  • This course concludes with a full-day capstone that combines the skills learned throughout the course

The ACE CREDIT logo is a registered trademark of the American Council on Education and cannot be used or reproduced without the express written consent of the American Council on Education.