Foundational · DFIR · Australian Admissibility Benchmarks

Forensic Analysis 101

Start here. Chain-of-custody handling, evidence triage, artefact collection, court-grade reporting, and structured lab methodology built on Australian federal and state forensic standards.

Forensic Training Pathways

Each pathway is designed to build practical operator capability with real evidence packages, Australian legal constraints, and live lab environments.

Hacking101 Forensic Analysis 101 covers the end-to-end forensic workflow — from evidence preservation through to expert witness reporting — aligned to ASD Essential Eight, ISM, ASD Information Security Manual 1534, and Australian federal court admissibility benchmarks.
Foundation

Digital Evidence & Chain of Custody

Legal foundations, evidence bagging, logging, vouchers, and contamination prevention.

  • Level: Beginner
  • Audience: New analysts, IT staff
  • Compliance: ISM / AFP Guidelines

Recommended

Disk & Memory Forensics

Live response, imaging, timeline construction, and artefact recovery using Autopsy and Volatility.

  • Level: Intermediate
  • Labs: 28 hands-on
  • Tooling: Autopsy, Volatility, KAPE

Specialisation

Signature & Handwriting Analysis

Forensic handwriting comparison, signature verification, questioned document examination, and expert witness preparation.

  • Level: Professional
  • Labs: 12 hands-on
  • Focus: Court-grade opinion forming

Intermediate

Network Forensics

Packet capture analysis, flow record examination, C2 beacon detection, and intrusion evidence identification with Wireshark, Zeek, and Suricata.

  • Level: Intermediate
  • Labs: 28 hands-on
  • Tooling: Wireshark, Zeek, Suricata

Advanced

Malware Analysis & Reverse Engineering

Static and dynamic analysis, PE/ELF dissection, sandbox execution, disassembly with Ghidra, debugging with x64dbg, and YARA rule development.

  • Level: Advanced
  • Labs: 30 hands-on
  • Tooling: Ghidra, x64dbg, CAPE, YARA

Professional

Incident Response & Court Reporting

End-to-end IR methodology, live-response triage, root cause analysis, expert report writing, and courtroom testimony preparation with mock cross-examination.

  • Level: Professional
  • Labs: 20 scenario-based
  • Focus: Court-ready reporting & testimony

Core Forensic Topics

Every graduate completes evidence handling with valid forensic rigour, documentation, and structured reasoning chains.

Hacking101 Forensic Analysis 101 topics cover: legal foundations, forensic imaging, evidence preservation, artefact analysis, malware reverse engineering, network intrusion forensics, incident response triage, questioned document examination, and courtroom-ready forensic reporting — taught via live Australian-hosted lab environments.

Evidence Collection & Chain of Custody

Disks, phones, memory, cloud credentials. Collection according to current AFP and state forensic guidelines with unbroken chain-of-custody documentation.

Live Response & Memory Forensics

Volatile evidence capture, memory acquisition with WinPmem and LiME, Volatility 3 analysis, and process reconstruction from RAM dumps.

Disk Analysis & Timeline Construction

File system artefact recovery, MFT analysis, slack space examination, super-timeline buildout with Plaso, and deleted artefact reconstruction.

Malware Analysis & Reverse Engineering

Static and dynamic analysis, PE/ELF dissection, unpacking, disassembly with Ghidra, debugging with x64dbg, and YARA rule development for IOC extraction.

Document / Handwriting Forensics

Questioned document examination, signature verification, forger trait identification, ACE-V methodology, and expert opinion construction.

Court-Ready Reporting & Testimony

Structuring expert forensic statements, qualifying opinions for admissibility, witness-box preparation, and handling adversarial cross-examination.

Frequently Asked Questions

How does Forensic Analysis 101 relate to full Hacking101 DFIR courses?
Forensic Analysis 101 is the complete foundation-to-professional pathway across six integrated modules. Students progress from Digital Evidence & Chain of Custody through Disk & Memory Forensics, Network Forensics, Malware Analysis & Reverse Engineering, Signature & Handwriting Analysis, and cap it with Incident Response & Court Reporting — a structured curriculum covering the end-to-end forensic workflow at Australian federal court admissibility standards.

Can I take modules individually?
Yes. Every module is offered as a standalone course with its own pricing, labs, and certificate of completion. Start with the module that matches your current skill level and build outward.

Where does this live?
Directory: www.hacking101.com.au/forensic-analysis-101/
All six modules live under this path. Each module has its own dedicated subdirectory with full course content, tools listings, advisories, and enrolment options.
