Incident Analysis

This is a two-day training. It takes place online on March 24 and 25, 2021.

This training is a practical Incident Analysis workshop, focusing on Windows systems and a bit traffic analysis with lots of hands on exercises. It is designed for anybody with IT background, willing to learn some of the essential steps during an incident analysis. This is not an advanced class, but more of an incident analysis 101 with a steep learning curve. Topics such as incident handling and incident response will not be part of this course.

During this course you will (hopefully ;-) ) learn a lot about windows/malware internals, and how to:

  • Identify Indicators of Compromise

  • Analyze network traffic for suspicious behavior

  • Investigate disk images

  • Analyze memory dumps with volatility

  • Differentiate malware from harmless software

  • Analyze malware (behavior)

  • Correlate gathered logfiles to a specific incident

The language of this course depends on the attendees: if only Germans attend the training, it will be done in Deutsch, otherwise the training will be done in English.


  • TCP/IP Knowledge

  • Be familiar with a shell

Good to have, but not necessary:

  • Experience with at least one programming language

  • Basic knowledge about hacking techniques


  • A laptop with administrative privileges and pre-installed VirtualBox

About the Speakers