Certified Professional Forensics Analyst (CPFA) Training

Network Intelligence have been providing professional computer forensics, cyber breach investigation, incident detection and response services to clients for more than 10 years. Network Intelligence brings together its consolidated expertise into a 3-day training on Certified Professional Forensic Analyst (CPFA). The entire workshop is driven by exercises and case studies to ensure that all aspects have a real-life scenario-based approach explaining from start to end of digital forensics investigation, incident detection and response.

Upon completion of the training, the participant would have an in-depth knowledge of the Digital forensics and incident response, its importance and implementation. The 12 hours of online course is spread across 3 days 4 hours each which includes 11 hours of training session followed by 1-hour online examination. Below is the Table of Contents for the training.

Training Details:

Asia & Middle East Batch:

  • Date: 16th – 18th August, 2023
  • Timing: 6.00 AM to 10.00 AM (GMT)
  • Mode: Online through Microsoft Teams
  • Region: Asia & Middle East
  • Fees:
    • USD $ 150 (for ISACA/ISC2 members)
    • USD $ 200 (for regular participant )
Register your interest

Americas & Europe Batch:

  • Date: 21th – 23th August, 2023
  • Timing: 1.00 PM to 5.00 PM (GMT)
  • Mode: Online through Microsoft Teams
  • Region: Americas & Europe
  • Fees:
    • USD $ 150 (for ISACA/ISC2 members)
    • USD $ 200 (for regular participant)
Register your interest

Objective of the program:
  • What should one do when there is a suspicion of a computer-based crime?
  • What tools and techniques are most likely to yield the right set of clues?
  • What is the procedure to deal with incident response and remediation?
  • How should the investigation be carried out such that it can be presented in a court of law?
  • Demonstration with the worlds’ leading forensics tool – Encase.


Table of Content:
Session 1: Introduction to DFIR
  • Digital Forensics Introduction
    • Digital Evidence
    • Forensic Process
    • Approaching Crime Scenes
    • Chain of Custody
  • Incident Response Introduction
    • Important Case Studies
    • Getting your Incident Response Right
    • Incident Response Plan
    • Attacker Frameworks
Session 2: Endpoint Forensics
  • Live Forensics
    • Performing Memory Forensics
    • Windows Live Forensics
    • Linux Live Forensics
  • Log Analysis
    • Analysis of OS Logs
Session 3: Disk and OS Artifact Analysis
  • Disk Forensics
    • Disk Image Acquisition
    • Disk Image Analysis
    • Windows File Systems
    • USB Forensics
  • Windows Artifact Analysis
    • Windows Registry
    • Windows Shortcuts
    • Evidence of Execution
Session 4: Network Forensics
  • Analysis of Network Logs
  • Analysis of Packet Captures
Session 5: Email and Browser Forensics
  • Email Forensics
    • Various Email Based Attacks
    • Email Header & Content Analysis
  • Browser Forensics
Session 6: Using TI and Reporting
  • Using Threat Intelligence in Investigations
  • Sources of Threat Intelligence
  • Report Writing
Sample Certificate:


Terms & Conditions:
  • Fees, speakers and date are subject to change.
  • Any cancellations received within the last ten calendar days would be liable for 50% of the course fees. Cancellations must be received in writing at least one week prior to course commencement. No-shows would be fully charged.
  • Registered attendees who are unable to attend the above course can send replacements subject to one week’s notification. * Membership fee applies.
Privacy Notice:

We are committed to respecting your privacy and we recognize the importance of protecting the information collected about you. All of the personal information that you have submitted during the registration shall only be processed in relation to your attendance to this event (i.e., processing of payments, issuance of certificate, sending of any announcements, future events and activities). All the information that you have provided in relation to this event shall be protected with reasonable and appropriate measures and shall only be retained as long as necessary in its processing.