


Digital Forensics Professional


Extremely Hands-on

Digital Forensics is an interactive course that provides the learner with foundational materials and concepts, with supplemental video demonstrations, as well as the opportunity to apply and test your knowledge through our Hera labs environment.


Become Certified

Obtain the eCDFP certification and prove your practical skills with the only 100% practical certification on digital forensics.


Course at a glance

  • Learn how to acquire volatile and non-volatile data, using various techniques
  • Dive into the structure of files and then analyze file headers, malicious documents, and file metadata
  • Become familiar with walking through partitions, recovering corrupted disks and locating hidden data
  • Learn how to analyze both FAT & NTFS file systems
  • Get familiar with file carving and creating your own custom carving signatures
  • Learn how to analyze the Windows registry, LNK files, prefetch files and previously mounted USB devices
  • Learn how to perform thorough investigations against Skype, Explorer's shellbags and the Windows recycle bin
  • Become proficient in forensically investigating network attacks

Course material

  • High Definition Videos
  • Interactive slides
  • Hands-on challenges in our industry leading virtual labs

Course delivery

  • Self-paced, HTML5, PDF, MP4
  • Off-line access available
  • Access from PC, Tablet and Smartphone



  • Module 1 : Introduction to Digital Forensics

    In this module, you will be introduced to the basic concepts, fundamentals, and techniques of Digital Forensics.

  • Module 2 : Data Acquisition

    This module covers all stages of Data Acquisition, from imaging and prioritizing data to the actual acquisition techniques that are appropriate for each case (e.g., using dead acquisition in the case of a rootkit). After studying this module, you will be able to identify when a live acquisition is required and how to perform one without risking the integrity of the evidence. The importance of using file hashes is covered next, and finally, the appropriate tools for exporting both volatile and non-volatile data are documented, accompanied by hands-on labs.

  • Module 3 : Data Representation & Files Examination

    This module will make you capable of identifying files and their structure, which can be very helpful in various occasions, such as in a case of disguised files. Before that, you will dive into the structure of files and how their building blocks are used to construct them. After diving into the structure of files, you will learn to conduct a series of important forensic activities such as extracting metadata from documents, analyzing suspicious PDF/MS Office files, analyzing file headers and analyzing Exif data. Of course, the comprehension of those activities will be aided by hands-on and practical labs.

  • Module 4 : Disks

    In this module, you become familiar with how disks operate and store data. File systems will then be briefly covered, which will include what data structures they use and how to analyze them. Walking through an MBR partition, performing disk analysis, recovering corrupted disks and locating hidden partitions are only a small percentage of what you will learn in this module. The corresponding labs and step by step lab manuals will make sure you get familiar with the abovementioned forensic techniques against disks.

  • Module 5 : File Systems

    This module explains how data is organized on disk. You will be able to understand the underlying method used to track files on a disk partition. The FAT and NTFS file systems are covered in this module. Through a series of slides and hands-on labs you will eventually be able to analyze FAT and NTFS file systems, investigate cases of deleted files, formatted disks, and slack space, perform file carving and create custom signatures and, of course, work with established toolkits such as WinHex, Autopsy, etc.

  • Module 6 : Windows Forensics

    In this module, you will get familiar with Windows Forensics. Specifically, you will learn how to detect criminal activity leveraging LNK files, the ThumbCache, prefetch files and a browser’s cache. Additionally, a series of slides and hands-on labs will make sure that you learn how to perform in-depth investigations against the Windows registry, previously mounted USB devices, Skype and explorer’s shellbags. Analyzing the Windows recycle bin is also documented as well as the important concept of time decoding.

  • Module 7 : Network Forensics

    This module covers the techniques used to examine and look for evidence within networks. This module starts by documenting effective traffic analysis and continues with how you could detect network attacks such as a DHCP starvation attack, blind DoS attacks and backdoor accounts. Using Snort IDS and SSL certificates as forensic data is also covered in this module, in addition to techniques such as file carving from network traffic.

  • Module 8 : Log Analysis

    In this module, log gathering and analysis is covered as a means of rebuilding malicious actions. Specifically, you will get familiar with Windows event analysis, web log analysis and statistical analysis in general. Familiarity will also be gained with log analysis utilizing Linux-based tools. Hands-on labs on how to detect web attacks will make sure that you get up to speed with log analysis.

  • Module 9 : Timeline Analysis

    This module covers timeline analysis in order to list events in a chronological order, regardless of their type or location. Performing timeline analysis is crucial on investigations since it can provide you with event context. You will learn what types of events to gather so that you create a meaningful and actionable timeline. Such events could be system events, file activity, browser activity, application activity and various logs. The most effective tools for creating or viewing timelines are also documented.

  • Module 10 : Reporting

    In this module, you will become familiar with the most important part of most security-related operations: reporting. You will find tips on effective report writing, so that you can create a meaningful and actionable report. Time management is also taken into consideration so that you always deliver your report within the provided time frame. Specifically, we will guide you through the proper report structure, event/finding narration and level of technical detail, so that you can professionally present your findings.



  • A solid understanding of the fundamentals of modern Operating Systems
  • Basic understanding of Networks and Network Protocols and Programming Languages

This training course is for...

  • Security professionals, Digital investigators, and Digital Forensics examiners
  • Incident Responders and Threat Hunters
  • Digital Forensics Instructors and students
  • Red team members who want to update their techniques, tactics, and procedures


The Digital Forensics Professional (DFP) course is the most practical training course on digital forensics. Being integrated with Hera Lab, the most sophisticated virtual lab in IT Security, it offers an unmatched practical learning experience. Hera is the only virtual lab that provides fully isolated per-student access to each of the real-world network scenarios available on the platform. Students can access Hera Lab from anywhere through VPN.

| Lab ID | Description | Category |
|--------|-------------|----------|
| Lab 1 | How to Acquire Data | Educational |
| Lab 2 | How to Acquire Data Using Linux | Educational |
| Lab 3 | Basic File Header Analysis | Educational |
| Lab 4 | Extracting Metadata from Documents | Educational |
| Lab 5 | Basic PDF and Word Document Analysis | Educational |
| Lab 6 | Analyzing Microsoft Office Documents | Educational |
| Lab 7 | Recovering A Corrupted Disk - MBR Case | Educational |
| Lab 8 | Recovering a Corrupted Disk - GPT Case | Educational |
| Lab 9 | Locating Hidden Partitions and Partition Gaps | Educational |
| Lab 10 | Analyzing FAT File System | Educational |
| Lab 11 | Investigating Deleted Files, Formatted Disks, and Slack Space | Educational |
| Lab 12 | Walking Through an NTFS File System Attributes | Educational |
| Lab 13 | File Carving and Creating Custom Signatures | Educational |
| Lab 14 | Windows Registry Analysis | Educational |
| Lab 15 | Analyzing Different Windows Artifacts | Educational |
| Lab 16 | USB Forensic Analysis | Educational |
| Lab 17 | Analyzing Windows Recycle Bin | Educational |
| Lab 18 | Traffic Analysis Using Wireshark - Part 1 | Educational |
| Lab 19 | Traffic Analysis Using Wireshark - Part 2 | Educational |
| Lab 20 | Network File Carving | Educational |
| Lab 21 | Investigating Network Scans | Educational |
| Lab 22 | Investigating Network Attacks | Educational |
| Lab 23 | Using Snort IDS | Educational |
| Lab 24 | Analyzing SSL/TLS Certificates and Traffic | Educational |
| Lab 25 | Log Analysis using Linux | Educational |


Get the eCDFP Certification

eLearnSecurity's eCDFP (Certified Digital Forensics Professional) certification is the most practical and professionally oriented certification you can obtain in digital forensics. Instead of putting you through a series of multiple-choice questions, you are expected to perform an actual advanced penetration test on a corporate network. This penetration test is modeled after a real-world scenario.



  • Ali Hadi

    Ali Hadi is a Senior Information and Cyber Security Specialist with 14+ years of industrial experience in Information Technology (IT). Ali is currently working as a full-time university professor and researcher for Champlain University in Vermont, USA, and was previously a professor in the Computer Science Department at Princess Sumaya University for Technology in Amman, Jordan. Ali provides consulting in several areas of security including digital forensics and incident response, cyber threat hunting, cyber threat intelligence, penetration testing, and vulnerability assessments. Ali is also an author, speaker, and freelance instructor where he has delivered technical training to law enforcement agencies, banks, telecoms, private companies, and other institutes. Ali's research interests include digital forensics, cyber threat hunting, and cyber threat intelligence.



The mix of Video Tutorials, exercises and support from fellow students on the forum was fantastic. Anyone who wants to specialize in Web Penetration Testing, this course is a must to get you started. Thanks for your efforts in making this happen

Denis Hancock
Manager Consulting Pty Ltd

Having been in the security field for over 5 years I assumed this would be a quick and easy certification. After getting into the training course I was pleased to find that I was learning new things and that the course was certainly more challenging than I had anticipated. I found that it filled in several knowledge gaps when it comes to pentesting, and I would recommend this course to both veterans and newcomers to the security field.

Steven Collins

eLearnSecurity's training really dives deep into the underlying concepts beneath pentesting tools.

Timothy E. Everson
Novell inc
