Course & Peripherals

Everyone should be able to start with forensics and incident management without spending the whole budget — at minimum a proof of concept. You can learn software on small, retired computers and scale up later as your needs become clear.

Work on a stand-alone machine — the course handles malware that can infect a system even with precautions.

• i5 processor (or equivalent).
• 16 GB RAM.
• 250 GB+ storage, ideally SSD (forensic software wants a fast disk).
• A few USB sticks.
• Able to run virtualization — the course runs two VMs alongside the host OS.

Have at least one 16 GB+ USB (ideally USB 3.0), for data collection and a bootable CAINE / Paladin Linux stick. Course software is open source and free; some examples use VMware (e.g. for the network setup).

• FTK Imager (free, requires registration) — for acquisition.
• CAINE / Paladin — bootable, write-protected Linux for collection.
• VMware / VirtualBox — virtualization.