Save $200 on this intake
Limited seats available at this price
2-Day Instructor-Led Programme
Learn a practical cloud DFIR workflow using logs and identity trails to investigate incidents and produce defensible evidence packs.
Duration
2 Days
Price
$2,099
(was $1,799)
Pricing applies to the current cohort only. Book now to secure this rate.

Cloud DFIR Foundations is designed for analysts who need to investigate cloud incidents using the evidence that cloud platforms actually provide: audit logs, identity trails, and service telemetry. You will learn how to frame an investigation, pull the right signals, and build a defensible narrative without relying on assumptions. This approach maps to established incident handling lifecycles, including detection and analysis, containment, and recovery.
Delivered through mentor-led sessions, the course uses practical scenarios to develop a repeatable, tool-agnostic workflow: define the question, identify the evidence sources, collect and preserve evidence responsibly, correlate events into timelines, and write a clean handover. The evidence capture discipline is guided by recognised digital forensic process thinking, with a focus on integrity and documentation.
Across two intensive days, you will produce investigation outputs that are usable in real SOC and IR operations: cloud evidence packs, identity pivot notes, and escalation briefs. We also reference modern cloud log management expectations, including why poorly managed cloud logs can make investigations infeasible. The course is aligned with recognised best practices including ISO, GDPR, NIST and SOC 2, so that skills remain practical and deployable in real organisations. All prices are exclusive of VAT (where applicable). Group enrolments and custom packages available.
Scenario simulations that result in evidence packs, identity trail pivots, timelines, and escalation briefs.
Mentor-led investigation clinics with feedback on triage decisions, correlation quality, and documentation.
A repeatable cloud investigation workflow for SOC L2 and incident response handovers.
Design a cloud DFIR workflow for investigations.
Analyse logs and identity trails to build timelines.
Implement defensible evidence capture and documentation.
Lead triage decisions and escalation readiness under pressure.
Communicate findings through clear stakeholder reporting.
Evaluate logging gaps and propose practical improvements.
Basic understanding of cloud concepts
Familiarity with logs and alert terminology
Comfortable writing structured notes
Step-by-step learning journey from basics to professional practice
Master these in-demand skills through hands-on practice
A clear view of the roles this programme supports, what typically comes next, and where learners progress over time
Choose the learning format that works best for you and your team
Instructor-Led Training
Join live instructor-led sessions from anywhere. Interactive, engaging, and flexible.
Price per person
Group enrolments and early planning options available.
Custom quotes for teams and organisations
We come to you. Training delivered at your workplace for teams of 6 or more.
Custom pricing based on:
No obligation. Response within 1 business day.
Classroom training at a professional venue. Ideal for focused, immersive learning.
Combine online and in-person learning for maximum flexibility and impact.
Timeline tailored to learner availability
All prices are exclusive of VAT where applicable. Group enrolments and custom packages available on request.
Not everyone learns best in a group. If you want focused guidance, faster clarity, and confidence you can use on the job, our 1-to-1 Fast-Track Training gives you private, mentor-led support tailored to your experience and goals.
"Many learners choose 1-to-1 when they want understanding, not memorisation."
Everything you need to know about the certification exams
You will receive an Xcademia certificate of completion based on participation and successful completion of scenario simulations and the final cloud evidence pack deliverable.
Everything you need to know about this course
No. The course teaches a tool-agnostic DFIR workflow and uses vendor-neutral patterns for logs and identity trails, with optional examples to help you recognise common log types across platforms.
Take the next step in your professional development