Log Analysis
Host Forensics Walkthrough
Follow a single workstation storyline from first suspicious process to containment recommendation using log slices and timeline stitching.
- Duration: 22 hours over 3 weeks
- Format: Self-paced with checkpoints
- Tuition (informational): ₩349,000
Tuition is informational on this static site. Operational agreements happen offline with your procurement team.
Inside the lab
You reconstruct a day-in-the-life timeline from host telemetry, correlate scheduled tasks, and document what you would ask an endpoint owner next. The narrative stays procedural so you practice explanations for stakeholders who are not deep in security tooling.
What you practice
- Side-by-side timeline and raw log panes
- Checklist for memory vs disk evidence decisions
- Short writing prompts for stakeholder summaries
- Scenario variants for Windows and Linux hosts
- Office hours with a technical instructor
- Quality standards checklist before final submission
Outcomes
- Build a defensible timeline with cited log lines
- Draft a plain-language update for non-specialists
- Flag gaps where more telemetry would change the story
Noah Andersson
SOC simulation designer who builds host-centric storylines for cohort programs.
FAQ
Questions on the left cover access and scope; right column covers expectations.
No. All hosts and users are fictional; telemetry is synthesized to resemble common shapes without copying any customer.
None beyond a modern browser. Heavy lifting happens in the lab environment.
Written feedback on your final packet within five business days, plus optional live Q&A.
Experience notes
“The timeline stitching module finally made scheduled task chains click for me. I still keep the stakeholder summary template.”