CIFR: Cyber Incident – Forensic Response – Australia

WHEN             14 – 25 October 2024

Where            Level 12, Karstens, 123 Queen Street, Melbourne CBD, Australia

COST               $6,000 Australian Dollars

EQUIPMENT:  Classroom laptops will be given to the students to take home and keep.

CIFR uses a real network environment in the classroom to simulate a corporate network, integrating actual network and domain architecture into the instruction to increase realism. Students interact with Windows and Linux VMs running on a Xen hypervisor server in the class and are shown how their actions are presented at the local, domain and SIEM logging levels. The class has a large number of labs, based on a belief the student learns better by doing the task vs reading about the task in bullets on a slide presentation.

Instruction includes over 30 hands-on activities, including:

  • A full day on using Linux command line for log analysis
  • Multiple Wireshark pcap analysis exercises
  • Multiple malware dynamic and static analysis exercises (no RE malware analysis)
  • Local and network-based RAM capture
  • RAM analysis with Volatility3
  • Compromised Linux image analysis
  • Windows analysis with multiple tools
  • Velociraptor deployment and analysis
  • Remote analysis with Forensic Explorer
  • Network imaging using dd and ssh, and dd and netcat
  • Windows analysis with KAPE and Axiom

CTF exercises include:

  • Analyzing actual logs from a web server defacement incident
  • Using Wireshark to solve a cyber stalking incident
  • Analyzing logs from multiple systems to solve an ssh attack scenario

The class concludes with a ransomware attack on the classroom training environment, where the students witness the various steps in the attack process, then start analysis of their victim system once it has been encrypted during the attack.

 Click here to view Schedule



Registration for this class is being handled by our Australian partner MCAA.

Please see for details or contact

Confirmation of registration will be provided on a “first paid – first confirmed” basis.

Payment MUST BE RECEIVED at least 45 days prior to the first day of class.

Cancellations to 31 days from the start of class will be subject to a $150 cancellation fee. There will be no refunds within 30 days from the start of class.

On-Site Check-in Time is:

             Monday, 14 October 2024: 0730 – 0800


Please read the following notes regarding this class:

  1. Classes begin at 8:00 AM and conclude at 5:00 PM each day, with a one-hour lunch break. Class will end at 12:00 PM on the last day.
  2. The dress code is business casual (collared shirts and slacks).The wearing of shorts, flip flops, tank tops, etc. is not allowed in the classroom.
  3. Personal computers are not permitted in the classroom
  4. Students are required to attend all classes to successfully complete the program. Students who fail to meet the attendance requirements will not be issued a certificate at the conclusion of the program.


If IACIS is unable to hold their 2024 Melbourne training event, then all students who have registered and paid, will receive full refund.  IACIS is not responsible for any outside expenses (e.g. travel and accommodation) in the event of the training event being cancelled.