The International Association of Computer Investigative Specialists

FLEX: Forensic Linux Examination

FLEX Course Overview

This course is designed to help forensic examiners who lack an understanding of Linux artifacts as well as how to leverage Linux tools for conducting forensic exams. To meet this goal the students will learn Linux operating system fundamentals and gain proficiency with command line and bash shell scripting to accomplish forensic tasks. This knowledge will be leveraged to learn strategies for analyzing Linux systems.

Students will be exposed to Linux in three different modes: Linux in a virtual machine on a Windows host, the Windows Subsystem for Linux, and a bootable Linux thumb drive. By working through practical scenarios, students will learn the pros and cons of each mode.

This course assumes the student has some experience doing Windows investigations but little or no experience using and/or analyzing Linux.  The only prerequisite for the class is a willingness to type commands rather than click their mouse.

At the end of this course, the student will:

  • Gain an understanding of Linux command line basics and become a more proficient Linux user.
  • Learn how Windows or Linux exam may be augmented by native Linux CLI commands and graphic tools.
  • Understand Linux operating system artifacts conduct analysis of Linux systems.

Quick Details

Core Competencies / Details

There are three competency areas addressed in the FLEX course

  1. General Linux
  2. Linux Forensic Artifacts
  3. Tools for Linux Forensic Analysis

Download PDFPlease click here to download the official FLEX Core Competencies document which includes details for each core competency.

Download DOcument

IACIS ChairGuided by industry-leading professionals, including a distinguished IACIS Chair, the FLEX course content stays consistently updated to reflect the latest cybersecurity and digital forensic best practices.

See Upcoming Events

Apply knowledge towards:

CFCE IACIS Certification

CFCE

Certified Forensic Computer Examiner Program

CAWFE IACIS Certification

ICMDE

Certified Mobile Device Examiner

CMDE IACIS Certification

CAWFE

Certified Advanced Windows Forensic Examiner

2025 Orlando Training Conference
2025
Orlando, FL
Learn More
See More Events
Upcoming events Details of the next event for this course

Where and When is the FLEX Course Offered?

IACIS offers the CIFR course at multiple locations, accommodating the varied schedules of our professional audience. For course dates and locations, please visit our page.

How to Register for this Course

Existing IACIS members, simply log in with your IACIS credentials and go to the PURCHASE TRAINING page to purchase and register for the course.

For non-IACIS members, the membership fee is waived with the purchase of the training course; however, to register for the course you must complete a membership application at the time of purchase. Go to the PURCHASE TRAINING page to purchase and register for the course and complete your membership application.

Register Now
Skip to content