Incident Analysis

This training is a practical Incident Analysis workshop, focusing on Windows systems and a bit traffic analysis with lots of hands on exercises. It is designed for anybody with IT background, willing to learn some of the essential steps during an incident analysis. This is not an advanced class, but more of an incident analysis 101 with a steep learning curve. Topics such as incident handling and incident response will not be part of this course.

During this course you will (hopefully ;-) ) learn a lot about windows/malware internals, and how to:

  • Identify Indicators of Compromise

  • Analyze network traffic for suspicious behavior

  • Investigate disk images

  • Analyze memory dumps with volatility

  • Differentiate malware from harmless software

  • Analyze malware (behavior)

  • Corelate gathered logfiles to a specific incident

The language of this course depends on the attendees: if only Germans attend the training, it will be done in Deutsch, otherwise the training will be done in English.


  • TCP/IP Knowledge

  • Be familiar with a shell

Good to have, but not necessary:

  • Experience with at least one programming language

  • Basic knowledge about hacking techniques


  • A laptop with administrative privileges and pre-installed VirtualBox

  • Wireshark usage

About the Speakers