Training path
Getting started in DFIR
Building your lab or a test environment
Learning DFIR common tools and techniques
Learning adversary tactics
Being ready for the cloud
In the Defender path, that target is now viewed as the victim, and you'll work as an incident responder for that same app, understanding how an attack happened. You'll get access to logs of a previous successful attack. As a Defender, you'll learn the power of jq in analyzing logs and get instructions on how to set up Athena in your own environment.
Training Labs
Training with real-world exercises
Malware analysis training
Existing curated collection of resources
From the most to the least curated
DFIR books
Intelligence-Driven Incident Response
Rebekah Brown, Scott J. Roberts
August 1, 2017
MacOS and *OS Internals
Crafting the Infosec Playbook
Jeff Bollinger, Brandon Enright & Matthew Valites
May 1, 2015
Computer Incident Response and Forensics Team Management
Leighton Johnson
November 1, 2013
The Psychology of Intelligence Analysis
Richard J Heuer
September 1, 2010
Mac OS X System Administration Reference, Volume 1