In the Unattended room, I worked through a challenge-based investigation where I had to analyze forensic evidence and uncover what happened in a simulated incident. Unlike the guided rooms, this one tested my ability to put everything together on my own. It was a great way to validate the skills I had built up throughout

This room provided an introduction to the process of malware analysis. I learned about static and dynamic analysis, and how to safely examine malware samples in a controlled environment. The focus was on understanding the behavior of malware and the clues it leaves behind. Completing this room gave me a better appreciation of the analyst’s

In this room, I got hands-on with TheHive Project, an incident response platform designed to help teams manage investigations. I learned how to create and track cases, collaborate on findings, and connect alerts from multiple sources into a single workflow. TheHive reinforced the importance of organization and collaboration in DFIR. It showed me how analysts

This room introduced me to Velociraptor, an endpoint visibility and forensics tool that allows large-scale collection and monitoring. I learned how to query endpoints, collect forensic data, and investigate suspicious activity across multiple systems at once. Working with Velociraptor highlighted how powerful centralized forensics can be for enterprise environments. It showed me how this tool

In this room, I explored Volatility, another powerful memory forensics framework. I learned how to run plugins to extract detailed information from memory captures, such as processes, DLLs, network connections, and evidence of malicious activity. The exercises helped me understand the depth of insight memory forensics provides. Volatility made it clear that even volatile data

Here, I worked with Kroll Artifact Parser and Extractor (KAPE), a tool designed to quickly gather and parse forensic artifacts from endpoints. I learned how to configure it, collect targeted data, and use modules to analyze the results. KAPE showed me how automation can make forensic work faster and more focused. The room demonstrated how