Introduction to Malware Forensics (WBT)

This online course explains how to determine whether a Windows system is infected with malware. It covers the tools that computer forensics practitioners use to examine a system, build a timeline of events and preserve the state of the system or data they are examining. Common malware attachment points in the Windows operating system are also described.

Learning Objectives

After completing this course, learners should be able to:

  • Describe processes and tools used for the preservation of evidence
  • Create and preserve disk images
  • Understand common methods of malware infection
  • Describe basic file system analysis
  • Understand general investigative techniques
  • Describe malware artifacts on the Windows OS

Who Should Attend

Any FireEye customer.


Background in computer science recommended but not required.

Technical Requirements

This course includes animation with audio narration and requires Adobe Flash Player and speakers or headphones.


8-9 hours

Course Outline

  1. Initial Incident Response Processes and Preservation of Evidence
  2. Preserving Memory
  3. Creating and Preserving Disk Images
  4. Common Methods of Malware
  5. Investigative Techniques
  6. Reporting

Web-Based Training

Courses cannot be purchased or accessed from this site.

If you would like to register for this course, please contact your FireEye account manager.

Thank you.