Program DFIR Specialist (Digital Forensics & Incident Response) ini dirancang untuk membentuk spesialis investigasi keamanan siber yang mampu melakukan:
Incident Response
Digital Forensics
Malware Investigation
Threat Hunting
Log Analysis
Memory Analysis
Disk Forensics
Threat Intelligence
SOC Investigation
Professional Reporting
Program difokuskan pada:
Blue Team operation
Investigasi insiden siber
Analisa artefak digital
Threat detection
Security monitoring
Malware investigation
Evidence handling
Setiap modul terdiri dari:
Tujuan pembelajaran
Materi utama
Tools yang dipelajari
Praktik lab
Target skill
LEVEL 1 — DFIR FUNDAMENTALS
Modul 1 — Introduction to DFIR
Materi:
Pengertian DFIR
Digital forensics overview
Incident response overview
Cyber attack lifecycle
Threat landscape
Legal & ethics
Chain of custody
Tools:
Kali Linux
Ubuntu
VirtualBox
Praktik:
Setup DFIR lab environment
Target Skill:
Memahami dasar DFIR.
Modul 2 — Networking Fundamentals for DFIR
Materi:
OSI Layer
TCP/IP
DNS
HTTP/HTTPS
VPN
Network traffic basics
Tools:
Wireshark
tcpdump
Praktik:
Analisa traffic jaringan dasar
Target Skill:
Memahami komunikasi jaringan.
Modul 3 — Linux Fundamentals for DFIR
Materi:
Linux filesystem
Permission
Process monitoring
Bash basics
System logs
SSH
Tools:
journalctl
grep
awk
systemctl
Praktik:
Analisa log Linux
Target Skill:
Menguasai Linux untuk DFIR.
Modul 4 — Windows Internals for DFIR
Materi:
Windows architecture
Registry
NTFS
Windows Event Log
Windows artifacts
PowerShell basics
Tools:
Sysinternals
Event Viewer
PowerShell
Praktik:
Analisa Windows event log
Target Skill:
Memahami sistem Windows.
Modul 5 — Incident Response Fundamentals
Materi:
Incident lifecycle
Preparation
Identification
Containment
Eradication
Recovery
Lessons learned
Tools:
TheHive
Cortex
Praktik:
Simulasi incident handling
Target Skill:
Memahami workflow incident response.
LEVEL 2 — LOG ANALYSIS & INVESTIGATION
Modul 6 — Log Analysis Fundamentals
Materi:
Log source
Authentication log
Web server log
Firewall log
SIEM basics
Tools:
ELK Stack
Splunk
Wazuh
Praktik:
Analisa log keamanan
Target Skill:
Mampu membaca dan menganalisa log.
Modul 7 — Network Traffic Analysis
Materi:
Packet analysis
DNS traffic
HTTP traffic
Suspicious connection
Malware traffic overview
Tools:
Wireshark
Zeek
tcpdump
Praktik:
Investigasi PCAP file
Target Skill:
Mampu melakukan network investigation.
Modul 8 — SIEM & Security Monitoring
Materi:
SIEM architecture
Alerting
Correlation rules
Threat detection
Dashboard monitoring
Tools:
Splunk
Wazuh
ELK Stack
Praktik:
Membuat detection rule
Target Skill:
Memahami security monitoring.
Modul 9 — Threat Hunting Fundamentals
Materi:
IOC
TTP
Threat hunting process
Hypothesis-based hunting
MITRE ATT&CK
Tools:
Sigma
Splunk
Wazuh
Praktik:
Simulasi threat hunting
Target Skill:
Mampu melakukan threat hunting.
Modul 10 — IOC Analysis & Threat Intelligence
Materi:
IOC analysis
Hash analysis
Domain investigation
Threat feed
Threat actor basics
Tools:
VirusTotal
MISP
AbuseIPDB
Praktik:
Investigasi IOC
Target Skill:
Memahami threat intelligence.
LEVEL 3 — DIGITAL FORENSICS
Modul 11 — Digital Evidence Handling
Materi:
Evidence acquisition
Chain of custody
Integrity verification
Hash verification
Documentation
Tools:
FTK Imager
Guymager
Praktik:
Akuisisi evidence digital
Target Skill:
Mampu menangani barang bukti digital.
Modul 12 — Disk Forensics Fundamentals
Materi:
File system
Deleted file recovery
Timeline analysis
Metadata analysis
Partition analysis
Tools:
Autopsy
FTK Imager
Sleuth Kit
Praktik:
Analisa image disk
Target Skill:
Mampu melakukan disk forensic.
Modul 13 — Windows Forensics
Materi:
Registry forensic
Prefetch
Shimcache
LNK files
USB artifact
Tools:
Registry Explorer
Eric Zimmerman Tools
Praktik:
Investigasi artefak Windows
Target Skill:
Memahami Windows forensic artifacts.
Modul 14 — Linux Forensics
Materi:
Bash history
Auth log
Cronjob analysis
SSH artifact
Linux persistence overview
Tools:
grep
journalctl
ausearch
Praktik:
Investigasi Linux compromise
Target Skill:
Memahami Linux forensic investigation.
Modul 15 — Memory Forensics
Materi:
RAM acquisition
Process analysis
DLL analysis
Network connection analysis
Malware artifact
Tools:
Volatility
Rekall
Praktik:
Analisa memory dump
Target Skill:
Mampu melakukan memory forensic.
LEVEL 4 — MALWARE & ADVANCED INVESTIGATION
Modul 16 — Malware Fundamentals
Materi:
Malware category
Trojan
Worm
Ransomware
Persistence basics
Tools:
REMnux
PEStudio
Praktik:
Malware classification
Target Skill:
Memahami jenis malware.
Modul 17 — Static Malware Analysis
Materi:
PE file structure
Strings analysis
Hash analysis
Import/export table
Obfuscation basics
Tools:
PEStudio
Detect It Easy
Strings
Praktik:
Analisa malware sample aman
Target Skill:
Mampu melakukan static analysis.
Modul 18 — Dynamic Malware Analysis
Materi:
Sandbox analysis
Process monitoring
Registry changes
File activity
Network activity
Tools:
Procmon
Wireshark
FakeNet-NG
Praktik:
Dynamic analysis di sandbox aman
Target Skill:
Memahami perilaku malware.
Modul 19 — Reverse Engineering Basics
Materi:
Assembly basics
Binary analysis
Function analysis
Program flow
Tools:
Ghidra
IDA Free
x64dbg
Praktik:
Reverse engineering executable sederhana
Target Skill:
Memahami struktur executable.
Modul 20 — Ransomware Investigation
Materi:
Ransomware workflow
Encryption behavior
Persistence mechanism
Lateral movement overview
Incident response workflow
Tools:
Volatility
Wireshark
Autopsy
Praktik:
Simulasi ransomware investigation
Target Skill:
Memahami investigasi ransomware.
LEVEL 5 — SOC & ADVANCED DFIR OPERATION
Modul 21 — SOC Operations
Materi:
SOC workflow
Alert triage
Escalation
Case management
Analyst workflow
Tools:
Wazuh
Splunk
TheHive
Praktik:
Simulasi SOC operation
Target Skill:
Memahami operasional SOC.
Modul 22 — Endpoint Detection & Response (EDR)
Materi:
Endpoint monitoring
Threat detection
Telemetry
Incident correlation
Endpoint investigation
Tools:
Velociraptor
Wazuh
Praktik:
Investigasi endpoint alert
Target Skill:
Memahami endpoint investigation.
Modul 23 — Cloud Incident Response
Materi:
Cloud logging
AWS CloudTrail
IAM investigation
Cloud compromise overview
Container security basics
Tools:
AWS CLI
ScoutSuite
Praktik:
Investigasi cloud activity
Target Skill:
Memahami cloud DFIR.
Modul 24 — DFIR Reporting & Documentation
Materi:
Incident documentation
Timeline creation
Evidence reporting
Executive summary
Technical reporting
Tools:
Dradis
Obsidian
Markdown
Praktik:
Membuat laporan investigasi profesional
Target Skill:
Mampu membuat laporan DFIR profesional.
Modul 25 — Final DFIR Investigation Project
Materi:
Full DFIR workflow
Incident investigation
Log analysis
Evidence handling
Threat hunting
Reporting
Tools:
Full DFIR Toolkit
Praktik:
Final incident investigation project
Presentasi hasil investigasi
Target Skill:
Siap menjadi DFIR Specialist profesional.
BONUS SECTION
Tools Penting DFIR
Wireshark
Volatility
Autopsy
FTK Imager
Splunk
Wazuh
ELK Stack
Procmon
Sysinternals
TheHive
Velociraptor
Sertifikasi Direkomendasikan
CHFI
GCFA
GCIH
GNFA
GCFE
CompTIA CySA+
Security+
Platform Praktik
Blue Team Labs Online
TryHackMe Blue Team Path
CyberDefenders
LetsDefend
Hack The Box Sherlocks
Roadmap Karier
Beginner:
SOC Analyst
Junior Incident Responder
Intermediate:
DFIR Analyst
Threat Hunter
Security Analyst
Advanced:
Senior DFIR Specialist
Malware Analyst
Incident Response Lead
Threat Intelligence Analyst
PENUTUP
Program DFIR Specialist dirancang untuk membentuk investigator keamanan siber profesional dengan kemampuan incident response, digital forensics, malware investigation, threat hunting, dan SOC operation.
Pembelajaran dilakukan secara bertahap mulai dari dasar log analysis hingga investigasi insiden tingkat enterprise.