Affordable Training Categories

Affordable DFIR Related Certifications With Training

DFIR Related Certifications

This is a curated list of DFIR Related Certifications that you can get for under $1,000 with training included.

I personally think many of the certifications listed, especially the hands-on certifications, should get more recognition by HR and hiring managers. My goal is to take as many of these as I can and do a blog series on DFIR Diva and Get Your Start Careers about lesser known DFIR Related certifications that should be on hiring managers radar. Stay tuned!

Name & Direct LinkPlatform/InstructorTraining & Exam PricingTopicsExam Type
Blue Team Level 1 (BTL1)

(This is the best one for beginners)
Security Blue TeamTraining + Exam: £499 ($687.35)

Includes 4 months of training access, exam voucher, and free retake. The exam is a 24-hour practical exam.
Security Fundamentals, Phishing Analysis, Threat Intelligence, Digital Forensics, Windows and Linux Investigations, Volatility, Autopsy, Digital Evidence Collection, SIEM, Logging, Splunk, Incident Response, MITRE ATT&CKPractical Hands-On
MDFIR - Certified DFIR SpecialistMossé Cyber Security Institute$450 includes practical exercises and the certification.

This isn't a typical approach to a certification. You complete 100% practical exercises that you research how to do on your own as you go, so part of it is research methods and critical-thinking skills. As you go through the exercises, you go from Novice DFIR Practitioner up to Certified Expert DFIR Practitioner. There is no time limit to complete it.
File Analysis, Windows Forensics, Memory Forensics, Applications Forensics, Network Forensics, Malware Analysis, Enterprise Investigations, Threat Intelligence, Writing Digital Forensics and Incident Reports, Documentation and Procedures.Practical Hands-On
MBT - Certified Blue TeamerMossé Cyber Security Institute$450 includes the practical exercises and certification.

This isn't a typical approach to a certification. You complete 100% practical exercises that you research how to do on your own as you go, so part of it is research methods and critical-thinking skills. As you go through the exercises, you go from MCSI Blue Team Learner up to MCSI Certified Expert Blue Team Practitioner. There is no time limit to complete it.
Malware Analysis, Threat Hunting, Cyber Defence, Incident Response, OSINT, Memory Forensics, Threat Intelligence, Binary Classification, Static Code Analysis, Enterprise InvestigationsPractical Hands-On
Cybersec First Responder (CFR)

(This certification is listed under most of the CSSP categories of the DoD Approved 8570 Baseline Certifications)
CertNexusThere are several different exam bundles that can include the print book, eBook, eLearning, certification voucher and labs for under $1,000Log Analysis, SIEM Tools, Regular Expressions, Using Windows and Linux Tools to Analyze Incidents, Methods and Tools for Malware Analysis, IOCs, Incident Response Process, Forensic Analysis, Mitigation, Windows Event LogsMultiple Choice

eLearnSecurity Certified Digital Forensics Professional (eCDFP)

INE/eLearnSecurity - Instructor: Ali HadiINE offers training for $749/year with a coupon for 50% off an eLearnSecurity Voucher = $949 Total

Alternatively, INE offers training at $49/month with a full-price voucher at $400.
Aquisition, File & Disk Analysis, System & Network Forensics, Logs, Timelines & Reporting, File Carving, Creating Custom Carving Signatures, Windows Registry, LNK Files, Prefetch Files, USB Devices, Shellbags, Recycle BinPractical Hands-On

eLearnSecurity Certified Incident Responder (eCIR)

INE/eLearnSecurity - Instructor: Dimitrios BougioukasINE offers training for $749/year with a coupon for 50% off an eLearnSecurity Voucher = $949 Total

Alternatively, INE offers training at $49/month with a full-price voucher at $400.
Detecting Cyber Attacks, SIEM, Analyzing Traffic, Flows, and Endpoints, Utilizing Threat Intelligence, IDS, Log ManagementPractical Hands-On

eLearnSecurity Certified Malware Analysis Professional (eCMAP)

INE/eLearnSecurity - Instructor: Ali HadiINE offers training for $749/year with a coupon for 50% off an eLearnSecurity Voucher = $949 Total

Alternatively, INE offers training at $49/month with a full-price voucher at $400.
x64 Bit Assembly, Analyzing PE File Structure, Packed Malware Identification and Analysis, IOCs, YARA Rules, Processes, DLLs, Handles, Droppers, Reverse Engineering, Unpacking Malware, DebuggingPractical Hands-On

eLearnSecurity Certified Reverse Engineer (eCRE)

INE/eLearnSecurity - Instructor: Kyriakos EconomouINE offers training for $749/year with a coupon for 50% off an eLearnSecurity Voucher = $949 Total

Alternatively, INE offers training at $49/month with a full-price voucher at $400.
Reverse Engineering Foundations, Practical Reverse Engineering, The Stack, Algorithm Reversing, String References and Basic Patching, Windows Registry Manipulation, File Manipulation, Anti-Reversing Tricks, Code Obfuscation, Analyzing Packers, Debugging Multi-Thread ApplicationsPractical Hands-On
eLearnSecurity Certified Threat Hunting Professional (eCTHPv2)INE/eLearnSecurity - Instructor: Slavi ParpulevINE offers training for $749/year with a coupon for 50% off an eLearnSecurity Voucher = $949 Total

Alternatively, INE offers training at $49/month with a full-price voucher at $400.
Memory Forensics Using Redline, Volatility, and Other Tools, Network Traffic Analysis, Using Threat Intelligence to Hunt for Threats, Detecting Advanced Hacking Techniques, Using Tools Such as Powershell, ELK and Splunk to Analyze Windows Events and Detect AttacksPractical Hands-On
MOIS - Certified OSINT ExpertMossé Cyber Security Institute$450 includes the practical exercises and certification.

This isn't a typical approach to a certification. You complete 100% practical exercises that you research how to do on your own as you go, so part of it is research methods and critical-thinking skills. As you go through the exercises, you go from MCSI OSINT Learner up to MCSI Certified Expert OSINT Practitioner. There is no time limit to complete it.
Creating an Anonymous Presence to be Used to Conduct Online Investigative Research, Collect Data From IP Addresses, Domain Names, Email Addresses, Documents, Search Engines, Code Repositories, Data Breaches, Social Media Platforms and more, Write Tools in Python to Interact With APIs and Automate the OSINT Data Collection Process, Develop Professionial Procedures and Methodologies.Practical Hands-On
MRE - Certified Reverse EngineerMossé Cyber Security Institute$450 includes the practical exercises and certification.

This isn't a typical approach to a certification. You complete 100% practical exercises that you research how to do on your own as you go, so part of it is research methods and critical-thinking skills. As you go through the exercises, you go from MCSI Reverse Engineering Learner up to MCSI Certified Expert Reverse Engineering Practitioner. There is no time limit to complete it.
Programming for Reverse Engineering, Windows Internals for Reverse Engineering, Binary Classification, Memory Forensics for Malware Analysis, Ghidra, Malware in Documents, Static and Dynamic Code Analysis, Code DeobfuscationPractical Hands-On
MCD - Certified Code Deobfuscation SpecialistMossé Cyber Security Institute$450 includes the practical exercises and certification.

This isn't a typical approach to a certification. You complete 100% practical exercises that you research how to do on your own as you go, so part of it is research methods and critical-thinking skills. As you go through the exercises, you go from MCSI Code Deobfuscation Learner up to MCSI Certified Expert Code Deobfuscation Specialist Practitioner. There is no time limit to complete it.
Ghidra Fundamentals, Writing a Ghidra Plugin, Code Obfuscation Techniques, VM Protection Techniques, Automated Binary Analysis, Automated Code Deobfuscation Techniques.Practical/Hands-On
C)DFE - Certified Digital Forensics ExaminerMile2$995 Includes Training Videos, Labs, E-Book and Exam VoucherComputer Forensic Incidents, Investigative Theory, Investigative Process, Digital Aquisition and Analysis Tools, Disks and Storage, Live Acquisition, Windows Forensics, Linux Forensics, Mac Forensics, Examination Protocols, Digital Evidence Protocols and Preservation, Laboratory Protocols, Specialized Artifact Recovery, eDiscovery and ESI, Mobile Forensics, Incident Handling, ReportingMultiple Choice
C)NFE - Certified Network Forensics ExaminerMile2$995 Includes Training Videos, Labs, E-Book and Exam VoucherDigital Evidence, Network Evidence, Network Forensics, Internet Protocol Suite, Traffic Acquisition Software, Live Acquisition, Phyiscal Interception, Analysis, Layer 2 Protocol, Wireless Access Points, Wireless Attacks, NIDS, Centralized Logging, Syslog, Network Tunneling, Malware Forensics, Network Tunnelling.Multiple Choice
C)IHE - Certified Incident Handling EngineerMile2$995 Includes Training Videos, Labs, E-Book and Exam VoucherIncident Handling, Threats, Vulnerabilities, Exploits, Preparation, First Response, Containment, Eradication, Recovery, Follow-Up, Computer Securirity Incident Response Team, Log File Analysis, Malware, Rootkits, Botnets, Artifact AnalysisMultiple Choice
MITRE ATT&CK DefenderMITRE Engenuity$299 Per Year Includes Training and Certification (There is Free Training on Cybrary Without Certification)Threat Intelligence, Security Operations, Threat EmulationMultiple Choice

DFIR, OSINT, and Malware Analysis Books

DFIR Books

I partnered with companies I have personally bought books from. I receive a small percentage of the revenue of books purchased using the links from this site that go toward the cost of running DFIR Diva and Get Your Start Careers.

Apress DFIR Related Titles

  • Digital Forensics Basics
  • Practical Cyber Forensics
  • Pro iOS Security and Forensics
  • Oracle Incident Response and Forensics
  • Cybersecurity Incident Response
  • Powershell and Python Together
  • iOS Forensic Analysis
  • Open Source Intelligence Methods and Tools
  • Ransomware Revealed
  • Malware Analysis and Detection Engineering

Books on Amazon

Digital Forensics and Incident Response Books
Malware Analysis and Reverse Engineering Books
Programming and Scripting Books
OSINT Books

Affordable Digital Forensics Training

Digital Forensics Training

For the purpose of this site, “affordable” is under $1,000

I will try to keep up with price changes, however, the prices listed here may not always be accurate.

Name & Direct LinkPlatform/InstructorPrice in US DollarsPrice FrequencyTopics
AccessData Password Recovery Toolkit (PRTK)Pluralsight - Larry Glusman29Monthly (There are also $299 and $449 yearly options)Understanding and Initializing Password Recovery Toolkit, Identify Encrypted Files with FTK, User the Dictionary Tool in PRTK, Decrypting Files and Containers with PRTK
Legal and Ethical Considerations for Digital ForensicsPluralsight - Bobby Rogers29Monthly (There are also $299 and $449 yearly options)Understanding Legal and Ethical Aspects of Digital Forensics, Collecting and Handling Evidence, Presenting Digital Evidence, Navigating the US Legal System in Digital Forensics, Understanding International Issues in Digital Forensics
AccessData Forensic Toolkit (FTK) ImagerPluralsight - Phil Chapman29Monthly (There are also $299 and $449 yearly options)FTK Imager
Getting Started with Memory Forensics Using VolatilityPluralsight - Collin Montenegro29Monthly (There are also $299 and $449 yearly options)Getting Started with Volatility, Memory Profile Creation and Command-Line Basics for Linux, macOS and Windows
Incident Forensics: Digital Media AcquisitionPluralsight - Ricardo Reimao29Monthly (There are also $299 and $449 yearly options)Digital Media Acquisition, The Overall Digital Forensics Process, Preparing for the Data Acquisition
Digital Forensics: Getting StartedPluralsight - Shoaib Arshad29Monthly (There are also $299 and $449 yearly options)Applying Forensic Science to Digital Forensics, Understanding the Role of Digital Evidence, Investigating Cybercrime
Setting up a Forensic WorkstationPluralsight - Robert McMillen29Monthly (There are also $299 and $449 yearly options)Virtual Machines, Checkpoints, Sandboxing, Gathering Forensic Data for Legal Inquiry, Installing Forensic Applications, FTK Imager, Autopsy, Backups and Redundancy
USB ForensicsPluralsight - Philip Polstra29Monthly (There are also $299 and $449 yearly options)USB Forensics, Writeblocking and Impersonation, Duplication
iOS Social Media ForensicseForensics Magazine - Kinga Kięczkowska249One Time (Can also get all courses for $890/year)iPhone Mobile Analysis, Facebook, Facebook Messenger, WhatsApp, Instagram, Python Scripting, SQL Queries,
Digital Forensic ImagingeForensics Magazine - David Tatum249One Time (Can also get all courses for $890/year)Forensic Imaging, Hashing, Extraction, Examining Unallocated and Slack Space, Imaging HDDs and SDDs, Creating RAID Images, Memory Images, SaaS-based Images, Imaging Virtua Hard Drives in a VM, Enterprise-Wide Triage Imaging
Android Mobile ForensicseForensics Magazine - Divya Lakshmanan249One Time (Can also get all courses for $890/year)Android Incident Response, Unrooted & Rooted Device Analysis, Static Android Malware Analysis, Dynamic Android Malware Analysis, SIM Card Analysis, Encrypted Devices
Drone ForensicseForensics Magazine - Alan Roder249One Time (Can also get all courses for $890/year)UAVs, UAS, UAV Components, UAV Related Criminal Activities, Initial Response, Preservation, Audits and Logs, Seizure
Digital Video ForensicseForensics Magazine - Raahat D Singh249One Time (Can also get all courses for $890/year)Digital Video Concepts, Technical Issues Related to Video Recordings, Categories of Digital Videos, Videos as Forensic Evidence, Admissibility of Video Evidence, Forensic Video Analysis
Recovering Virtual Machines From Lost VMFS PartitionseForensics Magazine - Washington Almeida79One Time (Can also get all courses for $890/year)Virtual Machines (VMs), RAW Images, dcfldd, losetup, vmsf-tools, How to Identify and Manage VMFS Partitions
Project AresCircadence90Per Month (There is also a $900/Annual Option)This is a hands-on gamified learning platform that covers several areas including Forensics, Linux, and Scripting.
An Introduction to Digital ForensicsSecurity Blue Team26.71One TimeChain of Custody, Types of Evidence, File Carving, Linux Command Line, Stenography, Cracking ZIP Files
Everyday Digital ForensicsCybrary49.50Per Month for all courses - There is also a $299 per year optionDigital Forensics Investigation, Investigation Process, Data Acquisition, Evidence Logs, File Systems, Mobile Forensics, Image Analysis
Autopsy Basics and Hands-OnBasis Technology - Brian Carrier495One TimeAutopsy Installation, Cases and Data Sources, UI Basics, Hash Lookup, Modules, Keyword Search, Correlation Engine, Android Analyzer, Timeline Interface, Image Gallery, Tagging, Commenting & Reporting
Introduction to FTK Imager - On DemandAccessData100One TimeFTK Imager Features and Processes, Creating a Forensic Image, Viewing Evidence, Triage Process
Introduction to Password Recovery Toolkit - On DemandAccessData100One TimeFeatures and Processes of Password Recovery Toolkit, Creating Dictionaries, Word List Creation
Introduction to Forensic Toolkit - On DemandAccessData500One TimeForensic Toolkit Administration and Setup, Interface, Filtering and Searching, Known File Filter, Exporting and Reporting
New Technology File System (NTFS) ForensicseForensics Magazine - Divya Lakshmanan229One Time (Can also get all courses for $890/year)Processing System Files, Processing User Files, Features of NTFS, Sleuth Kit, Alternate Data Streams
Fourth Extended File System (EXT4) ForensicseForensics Magazine - Divya Lakshmanan219One Time (Can also get all courses for $890/year)Understanding EXT4, Locating Files and Directories, Forensically Interpreting EXT4 File System Features, Encryption
MDFIR - Certified DFIR SpecialistMosse Cyber Security Institute450One TimeFile Analysis, Windows Forensics, Memory Forensics, Applications Forensics, Network Forensics, Malware Analysis, Enterprise Investigations, Threat Intelligence, Writing Digital Forensics and Incident Reports
Digital Forensics FundamentalsParaben Corporation Training Academy995One TimeEvidence Collection, Chain of Custody, Foundational Details of the Field of Digital Forensics. This course includes certification as a Certified Computer Examiner once the course and test are completed.
Linux ForensicsCodeRed24.99Per Month - There is also a $249/year option. Both options include access to all CodeRed courses.Linux History, Architecture, File System Overview, File Permissions, Editing File Properties, Root, Sudo, System Initialization, Emergency Alternative Start-Up Options, Shutting Down the System. Processes
INE - Digital ForensicsINE - Ali Hadi49Monthly (There is also a $499 and $749/year option)Digital Forensics, Logs, Timelines, Reporting, System & Network Forensics, Acquisition, File & Disk Analysis
Digital Forensics CoursesCyber 5W50One TimeEvidence Acquisition Under Windows and Linux, Working With FTK Imager, File Systems and Data Carving, Investigating Windows Program Executions, LNK and Jumplists, Windows Thumb Caches, Windows User & System Registry Artifacts, Windows Shellbags, USB Forensics, Volume Shadow Copies (VSC) and File History, Windows Event Logs, Encrypted Files
Linux Forensics, USB Forensics, & Windows ForensicsPentester Academy69MonthlyLinux, USB, Memory, Disk, and Windows Forensics

Affordable Incident Response Training

Incident Response Training

For the purpose of this site, “affordable” is under $1,000

I will try to keep up with price changes, however, the prices listed here may not always be accurate.

Name & Direct LinkPlatform/InstructorPrice in US DollarsPrice FrequencyTopics
Hands-On Incident Response FundamentalsPluralsight - Ryan Chapman29Monthly (There are also $299 and $449 yearly options)Defining Incident Response, Common Incident Response Tasks, Analyzing Files, Base64, Threat Intelligence, IOCs
Operationalizing Cyber Threat Intel: Pivoting & HuntingPluralsight - Ryan Chapman29Monthly (There are also $299 and $449 yearly options)Cyber Threat Intelligence (CTI), IOC Extraction, IOC Pivoting, IOC Hunting, Intel Management
Security Event Triage PathPluralsight - Various Instructors29Monthly (There are also $299 and $449 yearly options)Analyzing Network, Application, Machine & Endpoint Data, TTPS, KSAs, Tools, Detecting Malicious Traffic, Monitoring Assets and Topology, Detecting Anomalies, Statistical Baselining with SIEM Data
Streamlining Your Incident Response Process with SplunkPluralsight - Aaron Rosenmund and Ryan Chapman29Monthly (There are also $299 and $449 yearly options)Introduction to Splunk, Log Data, Aggregation, Splunk Resources, Using Splunk. Note: In addition to this one, there are a lot of Splunk courses on Pluralsight including certification paths.
Investigation TheoryApplied Network Defense - Chris Sanders647One TimeMental Models for Approaching an Investigation, Interpreting Evidence, Asking Investigative Questions, Open Source Intel, Strategies for Tracking the Investigation Process, Finding Leads Without Alerts, Recognizing Negative Bias, Reporting
ELK for Security AnalysisApplied Network Defense - Chris Sanders497One TimeElasticsearch, Logstash, Kibana, Beats, JSON, Collecting and Manipulating Structured and Unstructured Data, Searching Data, Building Dashboards, Building Data Pipelines, Logs, Netflow, IDS Alerts, CSV Files
Building Virtual LabsApplied Network Defense - Tony Robinson197One TimeThis is a choose your own adventure style course where you can chose to build a lab with Snort, Suricata, or Splunk. IDS/IPS, SIEM, Log Aggregation.
Practical Threat HuntingApplied Network Defense - Chris Sanders647One TimeHunting Frameworks, MITRE ATT&CK, Common Types of Anomalies, Effective Note Taking, ELK, Hands-On Threat Hunting Labs
Practical Packet AnalysisApplied Network Defense - Chris Sanders797One TimeHow Networking Works at the Packet Level, Interpreting Packet Data, Wireshark, Filters, Network Protocols, Application Layer Protocols, Packet Carving Techniques, How Malware Communicates on the Network
Osquery for Security AnalysisApplied Network Defense - Josh Brower397One TimeCrafting SQL Queries, Interrogating Processes to Determine if They're Malicious, Uncovering Persistence and Lateral Movement, MITRE ATT&CK, Kolide, ELK Stack, Generating Alerts
Intrusion Detection with SuricataApplied Network Defense - Open Information Security Foundation497One TimeInstalling and Configuring Suricata, Techniques for Capturing Network Data, Rules, EveBox, JQ, Alerts
Demystifying Regular ExpressionsApplied Network Defense - Darrel Rendell197One TimeHow to Apply Regex, Building and Testing Regular Expressions, Writing Host-Based Detection with YARA, Grep, Snort Rules, Matching Host Logs in SIEMs
Project AresCircadence90Per Month (There is also a $900/Annual Option)This is a Hands-On gamified learning platform with paths that include Cyber Defense Analyst. There are also battle rooms that include forensics, Linux, and scripting as well as games to learn about protocols, Regex, and the Cyber Kill Chain.
LetsDefendLetsDefend15Per MonthThis is a SOC Simulation Environment including alerts, case management, log search, endpoint security and threat intelligence. Save 15% off right now using code DFND15. Proceeds using that code go to the Innocent Lives Foundation.
Mastering Wireshark (Video)Packt9.99Per Month (For everything on Packt) There is also a one time $124.99 purchase option for this course.Network Forensics, Wireshark Customization, Capturing and Examining Traffic, Analyzing Network Protocols, Analyzing Application Protocols, Command Line Tools, Expanding & Troubleshooting Wireshark
An Introduction to Network AnalysisSecurity Blue Team26.71One TimeNetworking 101, Wireshark, TCPDump, PCAP Analysis
Introduction to Threat HuntingSecurity Blue Team26.71One TimeThreat Hunting Explained, IOCs, Hunting for Malware, Hashing, Mandiant Redline, File Properties
Blue Team Level 1 (Training and Certification)Security Blue Team601.07One Time (The price includes training and two BTL1 certification exam attempts)Security Fundamentals, Phishing Analysis, Threat Intelligence, Digital Forensics, Incident Response, SIEM
Hands-On Incident Response AnalysisPackt - Suni Gupta9.99Per Month (For everything on Packt) There is also a $124.99 one time purchase option for the course. Incident Response Strategy Formulation, Communication, Containment, Documentation, Forensics and Eradication. Detecting and Preventing Attacks, Handling Malicious Code, Insider Threats
Introduction to Malware Analysis for Incident RespondersPackt - Jason Dion9.99Per Month (For everything on Packt) There is also a $188.99 one time purchase option for the course. Symptoms and Activities, Types of Malware, Infection Vectors, Malware Analysis, FlareVM,
Incident Handler Career PathCybrary 49.50Per Month - There is also a $299 per year optionIncident Response Steps, Incident Response Planning, Implementing an Incident Response, Log Correlation & Analysis, Recovery, Chain of Custody, Documentation, Legal Concerns
SOC Analyst 1, 2, and 3 Career PathsCybrary49.50Per Month - There is also a $299 per year optionThreat Intelligence, Log Analysis, Wireshark, Cryptography, Attack Mitigation, Splunk, SIEM, Incident Response, Digital Forensics, Intrusion Detection, Reverse Engineering
The Complete Splunk Enterprise Certified Admin CourseUdemy - Adam Frisbee29.99One TimeSplunk Admin Basics, License Management, Configuration Files, Indexes, User Management, Authentication Management, Getting Data In, Distributed Search, Forwarders, Monitor Inputs, Network and Scripted Inputs, Agentless Inputs, Fine Tuning Inputs, Parsing Phase and Data, Manipulating Raw Data.
The Complete Splunk Beginner CourseUdemy - Adam Frisbee29.99One Time (Prices on udemy change but they have sales often)Setting up a Splunk environment, Creating Reports and Dashboards, Understanding SPL (Search Processing Language), Building datasets and data models.
MDFIR - Certified DFIR SpecialistMosse Cybersecurity Institute450One TimeFile Analysis, Windows Forensics, Memory Forensics, Applications Forensics, Network Forensics, Malware Analysis, Enterprise Investigations, Threat Intelligence, Writing Digital Forensics and Incident Reports
MBT - Certified Blue TeamerMosse Cyber Security Institute450One TimeDeploy and Manage Incident Mitigation Strategies and Tools, Investigate and Contain Security Intrusions on Windows Systems, Analyze Suspicious Binaries and Malware Samples, Identify Unknown Attacks, Produce Threat Intelligence, Write Custom Tools
MTH - Certified Threat HunterMosse Cyber Security Institute450One TimeCapturing Logs in Large-Scale Computer Networks, Using Python to Hunt for IOCs, Using YARA to Hunt for Malicious Binaries at Scale, Perform Deep-Dive Digital Forensics Investigations and Write Rapid Incident Response Reports
Blue Team Boot Camp: Defending Against HackersCodeRed24.99Per Month - There is also a $249 per year option. Both options include access to all courses on CodeRed.Risk Analysis, Threat Intelligence, Cyber Kill Chain, Endpoint Security, EDR, Windows Hardening, OSQuery, PowerShell, WMI, Linux Hardening, ClamAV, Chkrootkit, HIDS in Linux, MITRE ATT&CK, Network Security, Firewalls, VLAN, Proxy Servers, Log Aggregation & Correlation, Windows Logs, Linux Logs
SOC Analyst Prep WorkshopCover6 Solutions - Tyrone Wilson199One TimeThreat Management, Vulnerability Management, Cyber Incident Response, Security Architecture and Tool Sets. This is a live, virtual workshop. Dates vary.
CompTIA CySA+ TrainingDion Training399One TimeCySA+ Training, Practice Exams, and Hands-On Labs.
Cyber Defense PathTryHackMe10Per MonthSecurity Operations and Monitoring, Threat Emulation, Incident Response, Forensics, Malware Analysis and Reverse Engineering
CyberChef for Security AnalystsApplied Network Defense397One TimeCyberChef, Character Encoding and Encryption, Data Formatting and Parsing, Defeating Malware Obfuscation, Log File and Forensic Analysis Techniques, Image Manipulation, HTTP Requests, JSON Data
INE - Incident Handling & ResponseINE - Dimitrios Bougioukas49Monthly (There is also a $499 and $749/year option)Incident Handling & Response Overview, Network Traffic & Flow Analysis, Practical Incident Handling, SOC 3.0 Operations & Analytics

Cyber Security Incident Response Wannacry Ransomware

Udemy - Balazs Lendvay39.99One TimeInvestigate Wannacry behavior, Triage and identify IOCs, Static Analysis, Create a summary report of the incident
Blue Team Labs OnlineBlue Team Labs Online20.72MonthlyIncident Response, Digital Forensics, Phishing
RangeForce (The price is around $1500 for non-students)RangeForce200One Time (Price is approximate for students only)Security Operations, Suricata, Snort, YARA, Regular Expressions, Digital Forensics, Reverse Engineering, SIEM, SOAR, Splunk, Malware Analysis
Analyzing Network Traffic with WiresharkPluralsight29MonthlyGetting Started With Wireshark, Analyzing Network Protocols, TCP Analysis, Intermediate Wireshark Features, Visualizing Network Traffic, Using Wireshark Command Line Tools
Cisco Certified CyberOps Associate PathPluralsight - Joe Abraham29MonthlySecurity Concepts, Host-Based Analysis, Security Monitoring, Network Intrusion Analysis, Policies and Procedures
Threat Hunting with YARAPluralsight - Cristian Pascariu29MonthlyHow Signature Detection Works, YARA Rules, Defining Patterns, Installing YARA, Setting up an Analysis Environment, Generating Rules with Yargen, Writing Detection Rules, Analyzing Memory Artifacts with YARA, Detecting Threats Across the Network.
IBM QRadar Incident Detection and Response PathPluralsight - Ricardo Reimao29MonthlyIncident Detection and Investigation with QRadar
Managing and Responding to Security Events Using Azure SentinelPluralsight - Muhammad Sajid29MonthlyGetting Data into Azure Sentinel and Using Workbooks, Threat Detection Using Analytics, Managing and Investigating Incidents, SOAR, Security Playbooks, APIs.
Business Email CompromisePluralsight - Tyler Hudak29MonthlyBusiness Email Compromises, BEC Prevention, Detection, and Response.
Network Analysis with ArkimePluralsight - Josh Stroschein29MonthlyGetting Started with Arkime, Analyzing Phishing Traffic, Identifying Malware Command and Control, Developing Techniques for Detecting Data Exfiltration, Detecting Malware Use of TLS Connections.
Detection Engineering with SigmaApplied Network Defense - Josh Brower397One TimeDetection Engineering Process, Structure of Sigma Rules, SOC Prime Sigma UI Plugin for Kibana, Sigmac, How to Write Your Own Detection Rules Using Famliliar Log Sources Like Windows Events, Zeek Logs, Sysmon Logs, AWS, CloudTrail Logs and more.
MCSI CyZone BootcampMossé Cyber Security Institute300Per MonthThis bootcamp incorporates red teaming/pen testing and DFIR related practical training. This includes file analysis, memory forensics, malware analysis, YARA, threat hunting, reverse engineering, incident response challenges, and playbooks.

Affordable OSINT Training

For the purpose of this site, “affordable” is under $1,000.

I will try to keep up with price changes, however, the prices listed here may not always be accurate.

For OSINT Challenges and CTFs, see the DFIR, OSINT & Blue Team CTFs & Challenges section of the Free Training Site.

Name & Direct LinkPlatform/InstructorPrice in US DollarsPrice FrequencyTopics
Open Source Intelligence (OSINT) FundamentalsTCM Security - Heath Adams29.99One TimeOSINT Overview, Notekeeping, Sock Puppet Accounts, Search Engines, Email Addresses, Breached Data, Phone Number, Username, Website, Social Media, Wireless Network OSINT, Tools, Automation, Report Writing
Using the Internet as an Investigative Research ToolToddington499.99One TimeAdvanced Search Features, OSINT Principles and Processes, Avoiding Detection, Piecing User-Generated Content Together, Social Media, Maltego,
Social Media Intelligence & InvestigationToddington499.99One TimeSOCMINT, Search Techniques, Documentation Tools and Practices, Investigating Images, Sock Accounts, Facebook, Twitter, Instagram, YouTube, Online Forums, Groups, Blogs, Geolocation, Monitoring Users and Locations, Privacy Considerations and Techniques
Trace Labs OSINT Foundations CourseOSINT Combine - Chris Poulter99Every 6 MonthsAnalysis Techniques, Collection Sources, Collection Approach & Reporting Methods, Advanced Google Searching, People Search Engines, Username Correlation, Reverse Image Searching
OSINT Fundamentals + Social Media CourseOSINT Combine - Chris Poulter799Per YearAnalysis Techniques, OSINT Platform, Collection Approach & Reporting Methods, Advanced Google Searching, People Search Engines, Username Correlation, Reverse Image Searching, Person of Interest Collection on Various Social Media Platforms, Social Network Analysis
Plessas Training

They have training webinars as well as a monthly news and resources subscription.
Plessas49.99One TimeOSINT for Archives, Introduction to OSINT, OSINT News and Resources
OSINT Area & Event Awareness CourseOSINT Combine - Chris Poulter499Per YearSocial Media Monitoring, CCTV Monitoring, Advanced Mapping, Region Assessments, Threat Actors, Event Monitoring
OSINT Base CampThe Cyber Institute197One TimeOSINT Background and Process, OPSEC, Advanced Search Techniques, Username Investigation, Reverse Image Searching, Maps & Satellite Images, Email, Phone Numbers, Social Media, Tools
IntelTechniquesIntelTechniques500Per YearCase Notes, Video/Screen Capture & Preservation, Search Sites & Tools, Names, Email. Usernames, Phone Numbers, Social Media Investigations, Photos & Video, Documents, Maps, Vehicles, Corporations, Groups, Events, Domains, IPs, VMs, Darknet, Command Line & Scripts
Shodan, OSINT & IoT DeviceseForensics Magazine - Maciej Makowski39One Time (Can also get all courses for $890/year)Searching on Shodan, GUI & CLI, Identify Vulnerable IoT Devices, Search for ICS Devices, Hide Your Devices From Shodan Searches, VPN and Proxy Impact on Shodan
Introduction to Open-Source IntelligenceSecurity Blue Team26.71One TimeOSINT Framework, The Harvester, TweetDeck, Reverse Image Searching, Google Dorks
Introduction to Darkweb OperationsSecurity Blue Team26.71One TimeDark Web, Clear Web, Deep Web, Tor, Search Engines
OSINT Training Essentials (Online)ShadowDragon250Per Year (There are also other options.)OSINT Collection & Analysis, Manual & Automated Intelligence Collection Methods
Hetherington Group WebinarsHetherington Group69One Time (Prices ranged from $69 - $414)The Hetherington Group has Webinars with Topics Such as: Dark Web Investigations, Online Search Engines, Social Media, Public Records, Ethical Investigations
OSINT Investigations: PeopleThe OSINTion - Joe Gray240One TimeOSINT Fundamentals, People OSINT Tools and Resources, Social Media, EXIF, Reverse Image Search, Collaboration Strategies, Mini-CTF to Apply the Concepts
Alternative and Advanced Search Engine OSINTThe OSINTion - Joe Gray145One TimeGoogle Dorking/Advanced Operators, Other Search Engines, Techniques for Searching Abroad
OCR and Image/Video AnalysisThe OSINTion - Joe Gray145One TimeReverse Image Search, EXIF Analysis, Optical Character Recognition (OCR)
Business OSINTThe OSINTion - Joe Gray240One TimeOSINT Fundamentals, Legal and Ethical Considerations, DNS, Social Media, Public Filings, Search Engines, OSINT Tools
Practical OPSEC for OSINT and PrivacyThe OSINTion - Joe Gray200One TimeOSINT and OPSEC Relationship, Social Media and Internet Presence, Secure Technologies, Proactive use of Disinformation and Deception for OPSEC, Steps to Take to Enhance One's OPSEC
OSINT Udemy CoursesUdemy10.99One Time (Prices Vary)Udemy has several courses with topics such as: OSINT, Dark Web, Social Media Intelligence. Just search for "OSINT".
Open Source Intelligence (OSINT) FundamentalsCybrary49.50Per Month - There is also a $299 per year optionOSINT Theory, Notes, Sock Puppets, Tools and Techniques, OPSEC
Open Source Intelligence for ForensicseForensics Magazine - Joshua Richards249One Time (Can also get all courses for $890/year)Using Identifiers, Social Media Profiles, Public Records, Tools & Extensions
OSINT - Open Source IntelligenceCodeRed24.99Per Month - There is also a $249/year option. Both options include all courses on CodeRed.Note Taking, Google, Reverse Searches, Darkweb, People Search, Data Breaches, Maltego, Building an OSINT Machine, Social Media
OSINT Investigation TacticsCyberSec Guidance50One TimeOSINT Approaches, Note Keeping, OSINT Tools, Writing OSINT Investigation Reports, Real World OSINT Investigation Simulation
Dark Web SeminarBlackHorse500One TimeDigital Identity, Layers of the Internet, Tor, Onion Services, TAILS, Whonix, Creating a Personal Onion Service, Secure Dark Web Communications
MOIS - Certified OSINT ExpertMossé Cyber Security Institute450One TimeEnvironment Setup, Search Engines, Facebook, Twitter, LinkedIn, Instagram, Usernames, GitHub, Email Addresses, Online Communities, Documents, Online Maps, Images, Videos, Domain Names, IP Addresses, Tor, Data Breaches, Documentation, Reports & Procedures
McAfee Institute OSINT CoursesMcAfee Institute29.97One TimeSocial Media Investigation and Methodologies, Advanced Social Media Investigations, Investigations on the Deep Web, Learn How to Gather Effective Intelligence Online, Introduction to OSINT, Top 20 Intelligence Resources, Twitter Investigation Methodologies
Certified Social Media Intelligence Analyst (SMIA)McAfee Institute947One TimeLearn how to investigate and gather intelligence on the top social media platforms around the world
Scheduled OSINT Training (various topics)Sourced Intelligence150One TimeDeep and Dark Web, Basic OSINT Training, Advanced OSINT Training, Intelligence Report Writing, Social Media Investigations, Event and Incident Monitoring
Performing OSINT Gathering on Employee TargetsPluralsight - Jerod Brennen29MonthlyGathering Historical Information, Locating Court Records, Performing Social Network Analysis, Extracting Photo Metadata, Digital Footprints, Email Address Variants, Custom Mapping Tools, Mobile Footprint, Telephone Search Tools
Performing OSINT Gathering on Corporate TargetsPluralsight - Jerod Brennen29MonthlyPhysical Reconnaissance, Land and Tax Records, Logical Reconnaissance, Org Chart, Transactions, Document Metadata, Email Addresses, External Infrastructure Profile, Application Usage.

Affordable Malware Analysis & Reverse Engineering Training

For the purpose of this site, “affordable” is under $1,000.

I will try to keep up with price changes, however, the prices listed here may not always be accurate.

Name & Direct LinkPlatform/InstructorPrice in US DollarsPrice FrequencyTopics
Getting Started with Reverse EngineeringPluralsight - Josh Stroschein29Monthly (There are also $299 and $449 yearly options)Assembly Basics, Native Code, Reverse Engineering, Debuggers
Analyzing Malware for .NET and Java BinariesPluralsight - Josh Stroschein29Monthly (There are also $299 and $449 yearly options).NET Binaries, Java Binaries
Reverse Engineering Malware with GhidraPluralsight - Josh Stroschein29Monthly (There are also $299 and $449 yearly options)Ghidra, Reverse Engineering, Malware, Obfuscation, Packing, Ghidra Scripts
Defeating Anti-Reverse Engineering and Anti-Debugging TechniquesPluralsight - Josh Stroschein29Monthly (There are also $299 and $449 yearly options)Defeating Anti-Reverse Engineering Techniques, Stopping Anti-Debugging Techniques, Sandboxing
Malware Analysis: Identifying and Defeating Code ObfuscationPluralsight - Josh Stroschein29Monthly (There are also $299 and $449 yearly options)Code Obfuscation, VBA Obfuscation, PowerShell Obfuscation, String Obfuscation, Cryptography in Malware
Malware Analysis: Identifying and Defeating PackingPluralsight - Josh Stroschein29Monthly (There are also $299 and $449 yearly options)Common Packing Scenarios, How Packers Work, Identifying Custom Packers, Performing Manual Unpacking
Setting Up a Malware Analysis LabPluralsight - Aaron Rosenmund & Tyler Hudak29Monthly (There are also $299 and $449 yearly options)Creating a Safe Environment, Choosing Operating Systems, Evading Intelligent Malware, Choosing Hardware to Use, Virtual Machines, Tools
Fileless MalwarePluralsight - Aaron Rosenmund and Tyler Hudak29Monthly (There are also $299 and $449 yearly options)How Fileless Malware Works, Defenses Against Fileless Malware, Logging, Hunting Tools
Performing Malware Analysis on Malicious DocumentsPluralsight - Tyler Hudak29Monthly (There are also $299 and $449 yearly options)Lab Setup, Malicious Document Analysis, PDF Analysis, JavaScript Analysis, VBA Script Analysis
Malware Analysis FundamentalsPluralsight - Tyler Hudak29Monthly (There are also $299 and $449 yearly options)Lab Setup, Static Analysis, Dynamic Analysis, Understanding the PE Header
TrickBot Banking TrojanPluralsight - Aaron Rosenmund and Tyler Hudak29Monthly (There are also $299 and $449 yearly options)What TrickBot Does, TrickBot Analysis in the Lab, Detecting TrickBot Indicators on Your Network
Zero 2 AutomatedZero2Automated200.07One TimeEncryption, Hashing, Compression, Unpacking, Maldocs, Loaders, Persistence, Process Injection, Uncompiled Malware, Exploits, Rootkits, Bootkits, Shellcode, Threat Intelligence, TrickBot, YARA Signature Development
A Crash Course in Deep Dive Malware Analysis (On-Demand)AGDC Services200One TimeAdvanced Malware Analysis, IOCs, Decision Making Process, How to Identify Key Focus Areas, Building a C2 Server for Dynamic Analysis, Ghidra, x64Dbg, REMNux
MRE - Certified Reverse EngineerMosse Cyber Security Institute450One TimeBinary Classification, Behavioral Analysis, Memory Forensics, Static Analysis, Dynamic Analysis, Basic Code Deobfuscation Techniques, Analyze Ransomware, RATs, and APTs.
INE - Malware AnalysisINE - Ali Hadi49Monthly (There is also a $499 and $749/year option)Malware Analysis, Static Analysis, Assembly, Behavior Analysis, Debugging, Disassembly, Obfuscation Techniques
INE - Reverse EngineeringINE - Kyriakos Economou49Monthly (There is also a $499 and $749/year option)Practical Reverse Engineering, Reverse Engineering Foundations