5-Day Instructor-Led Programme
The XDFI Certification Programme is the practitioner standard for digital forensics and incident response professionals who investigate, contain, and recover from cyber incidents across enterprise environments. Assessed on Day 7 through a supervised forensic investigation and IR debrief — no multiple choice, no exam, no certprep guides to memorise.
Duration
5 Days
Price
$6,245
When a breach occurs, organisations need practitioners who can act decisively — preserving evidence, containing the threat, eradicating the attacker, and recovering operations while maintaining the chain of custody that protects legal outcomes. The DFIR professional who knows only theory is a liability in a live incident. XDFI is built for professionals who need to demonstrate practical forensic and IR capability under pressure.
Across seven instructor-led days, participants build capability across the complete DFIR lifecycle: evidence acquisition and chain of custody, Windows and Linux forensics, memory analysis, network forensics, cloud incident response, mobile forensics fundamentals, malware triage, and professional incident reporting. Every session uses real artefacts, real tools, and realistic breach scenarios that mirror current threat actor post-compromise behaviour.
On Day 7, participants investigate a simulated breach scenario: they acquire and analyse evidence, develop a timeline, attribute the attacker, and produce a professional forensic investigation report and IR playbook. A senior practitioner observes methodology and issues the Practitioner Assessment Report with the XDFI certificate. Aligned with NIST SP 800-61, ISO 27035, ACPO Digital Evidence Guidelines, DORA Article 17–23, NIS2 Article 23, UK GDPR Article 33, and NHS DSPT.
Hands-on evidence acquisition (disk, memory, cloud), Windows registry and event log forensics, Volatility memory analysis, Wireshark and Zeek network forensics, AWS/Azure cloud IR, and malware triage using real post-incident artefacts.
Mentor-led sessions examining real-world breach timelines, forensic investigation methodology, chain of custody standards, and the regulatory reporting obligations triggered by different incident types.
Conduct structured digital forensic investigations and incident response engagements, preserve legally sound evidence, and produce professional investigation reports that satisfy regulatory and legal requirements.
Conduct structured digital forensic investigations preserving legally sound chain of custody across disk, memory, network, and cloud evidence sources
Analyse Windows, Linux, and macOS forensic artefacts to reconstruct attack timelines and attribute adversary techniques to MITRE ATT&CK
Perform memory forensics using Volatility 3 to identify malicious processes, code injection, and credential theft
Investigate cloud incidents across AWS, Azure, and Microsoft 365 using native logging and forensic acquisition techniques
Triage malware samples using static and dynamic analysis and extract indicators of compromise for detection and attribution
Produce professional forensic investigation reports and incident playbooks aligned to NIS2, DORA, UK GDPR, and NHS DSPT regulatory requirements
Minimum 12 months in a SOC, IT operations, or security engineering role with exposure to security incidents
Basic understanding of Windows and Linux operating systems, file systems, and networking fundamentals
Familiarity with at least one security tool: SIEM, EDR, or network analysis (Wireshark)
A clear view of the roles this programme supports, what typically comes next, and where learners progress over time
Typical next step: XCIR (Incident Response Practitioner) for operational IR depth, or XMRE (Malware Reverse Engineering Practitioner) for advanced malware analysis.
Choose the learning format that works best for you and your team
Instructor-Led Training
Join live instructor-led sessions from anywhere. Interactive, engaging, and flexible.
Price per person
Group enrolments and early planning options available.
Custom quotes for teams and organisations
We come to you. Training delivered at your workplace for teams of 6 or more.
Custom pricing based on:
No obligation. Response within 1 business day.
Classroom training at a professional venue. Ideal for focused, immersive learning.
Custom pricing based on:
No obligation. Response within 1 business day.
Combine online and in-person learning for maximum flexibility and impact.
Timeline tailored to learner availability
Custom pricing based on:
No obligation. Response within 1 business day.
All prices are exclusive of VAT where applicable. Group enrolments and custom packages available on request.
Not everyone learns best in a group. If you want focused guidance, faster clarity, and confidence you can use on the job, our 1-to-1 Fast-Track Training gives you private, mentor-led support tailored to your experience and goals.
"Many learners choose 1-to-1 when they want understanding, not memorisation."
Credential
On successful completion of XDFI — Xcademia Digital Forensics & IR Practitioner, learners receive an Xcademia Certificate of Completion. This standalone certificate is issued directly by Xcademia and recognised by employers across the UK defence and security sector.
Everything you need to know about the certification exams
You will receive an Xcademia certificate of completion based on participation and successful completion of labs and scenario simulations.
Everything you need to know about this course
CHFI is a 5-day course followed by a 150-question multiple-choice exam. XDFI is 7 instructor-led days ending in a supervised forensic investigation on Day 7 where participants analyse real artefacts, reconstruct an attack timeline, and produce a professional investigation report. The Practitioner Assessment Report documents exactly what was demonstrated and who verified it. CHFI costs $999 for the exam alone. XDFI is all-in for one price.