ICSI is a UK registered company that offers specialized and accredited professional qualifications in cybersecurity for young IT graduates as well as mature professionals. It was created in response to the growing threats of cyber-crimes and the resulting demand for data security and protection.

ICSI | Certifications

Bletchley Park Science and Innovation Centre, Bletchley, Milton Keynes

tel: +44 (0) 19 08 88 04 93

Unlike other course providers, our technical course exams are performance-based (not multiple choice). This assures any prospective employer that you are indeed familiar with real-life cybersecurity problems, and gives you the confidence you will need in a new work environment.

Required Courses:

  1. Digital Forensics, Incident Response, and Threat Hunting


  1. Exam Code: CDFE [Hours 2.5, Type: Hands-On, Passing Grade 70%]




File Recovery

Course Outline: Digital Forensics, Incident Response, and Threat Hunting

Certification: ICSI|CDFE Certified Digital Forensics Examiner

Duration:  5 Days 

Candidate Prerequisites: 

Familiarity with Windows and Linux operating systems and basic knowledge of digital forensics principles.


This course provides a holistic view of how Incident Response is implemented in the real world, including Incident Response preparation, acquiring and analyzing digital forensic images, and analyzing host and network data. Malware analysis, threat intelligence and report creation are also included.

Who Should Attend:
Security Professionals seeking to acquire basic to intermediate knowledge in Digital Forensics and Incident Response.


What is Included:
•    eBook
•    Lab Guide
•    6 months 24x7 remote access to a virtual lab
•    1 exam voucher - Online Exam Proctoring 
•    Certificate of Attendance (Digital)

Module 1: Incident Response 
•    Introduction to Incident Response
•    Incident Response Framework and response plan
•    Incident Response Playbook 

Module 2: Introduction to Digital Forensics 
•    Laws and Regulations
•    Digital Forensics Process

Module 3: Collecting Network Evidence
•    Log Configuration Management
•    Network Device Evidence (SIEM)
•    Packet Capture (Wireshark, WinPcap & RawCap)

Module 4: Capturing Evidence from Host Systems
•    Capturing Volatile Data (FTK Imager)
•    Remote Acquisition
•    Capturing Virtual Machine Memory
•    Non-Volatile Data

Module 5: Forensic Imaging 
•    Preparation 
•    Imaging Types

Module 6: Analyzing Network Evidence
•    Analyzing network packets with Wireshark 
•    Network log analysis

Module 7: Memory Analysis 
•    Memory Investigation Approach
•    Analyzing Network Connections

Module 8: Storage Analysis
•    Commercial Platforms 
•    Storage analysis using Autopsy

Module 9: Incident & Forensic Reporting 
•    Documentation 
•    Creating Reports

Module 10: Malware Analysis 
•    Malware Analysis Overview
•    Static vs Dynamic Analysis

Module 11: Threat Intelligence
•    Threat Intelligence Overview
•    Threat Intelligence Methodology
•    Sources and Platforms