Cyber Security23hrs 52min

Digital Forensics Professional

Securetain Premium’s Digital Forensics Professional path pairs expert-led courses with 24 hands-on labs, 28 videos, 4 courses, and 20 quizzes so blue teamers rehearse the eCDFP exam inside a fully featured lab environment.

Complete the labs, document evidence thoroughly, and prove your skills inside the hands-on eCDFP examination environment.

Instructors: Ali HadiSecuRetain:eCDFP

Talk to an advisor Back to catalog

Path note

Securetain Premium subscribers unlock the full forensic catalog plus the eCDFP exam voucher (180-day validity) once labs and courses are complete.

Snapshot

At a glance

Delivery: Securetain Premium + 24 forensic labs
Certification: Securetain Security eCDFP (Certified Digital Forensics Professional)
Duration: 23h 52m of guided instruction

Overview

Path at a glance

Digital Forensics Professional teaches how to gather, preserve, analyze, and report on digital artifacts from endpoints and the wire using Securetain’s real-world labs.

The curriculum mirrors the eCDFP blueprint (Evidence Preservation, Fundamentals, Storage, and Tools) so every module reinforces the exam’s practical scenarios.

Focus

Focus areas

Step 1
Acquire volatile and non-volatile data, perform file carving, partition/metadata inspection, and analyze application artifacts such as shellbags, USB history, prefetch, and registry traces.
Step 2
Walk through FAT/NTFS file systems, corrupted disk recovery, and hidden data locations so every forensic acquisition is repeatable and admissible.
Step 3
Analyze both endpoint and network evidence (logs, timelines, packet captures) before documenting findings in structured, exam-ready reports that align to the eCDFP blueprint.

Delivery

How this path is delivered

Certification

Exam focus

SecuRetain:eCDFP (Certified Digital Forensics Professional) tied to Securetain Security’s eCDFP exam

Curriculum

What you'll cover

Evidence Acquisition & Preservation

Plan acquisition, capture volatile memory, secure disks, enforce chain of custody, and collect network packets without contaminating evidence.

File Carving & Metadata Analysis

Carve hidden files, inspect headers, analyze metadata, and understand file structures to recover deleted or corrupted artifacts.

Windows & Endpoint Artifact Analysis

Investigate Windows registry (NTUSER, SAM), LNK files, prefetch, shellbags, USB artifacts, and shadow copies to reconstruct user activity.

Storage, Partition, & Disk Recovery

Examine FAT/NTFS structures, recover corrupted partitions, and access hidden/encrypted volumes when standard mounts fail.

Network/Timeline Logging & Reporting

Combine log, packet, and timeline analysis to tell a complete story, then document findings in an eCDFP-style report ready for stakeholders.

Labs

Hands-on practice

Capture volatile RAM, network traffic, and file system images, then validate your acquisition through hashing and chain-of-custody reporting.
Carve deleted files, inspect metadata, and recover hidden partitions to prove you can locate adversary artifacts.
Analyze Windows artifacts (registry, LNK, shellbag, USB history, prefetch) and create a timeline that matches live incident scenarios.

Skills

Skills you practice

Forensic acquisition planning (volatile memory, disk imaging, packet captures)File carving, metadata, and corrupted-partition recoveryWindows artifact analysis (registry, LNK, Prefetch, shellbags, USB history)Log/timeline construction and packet analysis for complete incident narrativesExam-ready reporting aligned with the eCDFP blueprint

Audience

Ideal learners

Senior incident responders and digital forensic analysts who need structured, lab-first investigations
Security engineers and SOC specialists capturing artifact-rich evidence for threat actors
Law enforcement, MSP/MSSP responders, and blue team staff aligning investigations to the eCDFP exam objectives

Availability

What to expect

Securetain Premium subscribers unlock the full forensic catalog plus the eCDFP exam voucher (180-day validity) once labs and courses are complete.