Cybersecurity is the first line of defense against modern crime, which increasingly operates in digital space rather than the physical world. This course introduces the core concepts, logic, and architecture of information system security, showing how to identify, understand, and neutralize threats. Participants learn common attack models, system vulnerabilities, methods used by cybercriminals, and protective strategies based on risk analysis. We examine the role of people, procedures, and technology as interdependent elements that together protect information, devices, and networks. The course emphasizes that security is a continuous process—not reactive, but predictive, based on monitoring and behavioral analysis. It provides a solid foundation for the entire Digital Forensics pillar, enabling participants to understand what a cyberattack is before learning how to analyze its traces.
- Nauczyciel: SØREN Forensic Institute
Digital traces are the modern equivalent of fingerprints and microtraces, yet they require an entirely different methodology of preservation, analysis, and interpretation. This course introduces participants to the world of digital evidence—data stored on hard drives, mobile devices, cloud services, network logs, and metadata generated by users and systems. We discuss how to properly secure data to prevent modification, loss, or contamination, as well as how to create forensic bit-by-bit images and maintain a documented chain of custody. Participants learn techniques for recovering deleted, encrypted, or overwritten data, along with methods for analyzing system artifacts that often reveal offender activity even when attempts were made to conceal it. The course demonstrates that digital traces form their own language—a record of actions, decisions, and intentions that, when properly interpreted, allows investigators to reconstruct events with high precision. This is a foundational course for anyone working in digital forensics.
- Nauczyciel: SØREN Forensic Institute
Cyberattack analysis focuses on understanding the sequence of actions taken by an offender—from initial system reconnaissance to final destructive actions, data theft, or full system compromise. This course introduces participants to the technical and investigative methods used to analyze computer attacks, including malware, exploits, remote intrusions, phishing, brute-force attacks, DDoS operations, and corporate network infiltration. We examine the logic of the cybercriminal: how attack environments are prepared, which tools are used, and how offenders attempt to conceal their activity within systems and networks. The course also shows how to identify signatures, anomalies, and artifacts left by malicious software, and how to analyze penetration paths to reconstruct the full sequence of events. Participants learn to view an attack not as a single technical incident, but as a process—logical, planned, and divisible into distinct stages. This course is a core foundation for any analyst seeking to understand what truly happens in cyberspace when security defenses are breached.
- Nauczyciel: SØREN Forensic Institute
OSINT (Open-Source Intelligence) is the craft of gathering information from publicly accessible sources: social networks, public registries, databases, websites, metadata, media, forums, and data hidden in seemingly inconspicuous areas of the internet. This course teaches how to leverage dispersed digital information to build a coherent picture of a person, organization, event, or network of relationships. We explore techniques for searching, filtering, and verifying information, as well as methods for detecting disinformation, false leads, and deliberate manipulation. Participants learn analytical tools, relationship mapping, graph analysis, and methods for working with large datasets. The course emphasizes that OSINT is not random data collection but a structured investigative process that requires methodology, ethics, and an understanding of user psychology in cyberspace. It is a key competency in an era where every online action leaves a trace and every narrative generates its own digital echo.
- Nauczyciel: SØREN Forensic Institute
Cybercrime encompasses a wide spectrum of activities, from simple online fraud to advanced operations built on social engineering, identity theft, information manipulation, and darknet-based criminal ecosystems. This course examines the most common contemporary forms of cybercrime, explaining both the logic of offender behavior and the user errors that enable successful attacks. Participants learn about the technical mechanisms of cyber offenses as well as their psychological foundations — manipulation tactics, pressure techniques, trust-building strategies, and escalation of control. The course also covers threats such as phishing, ransomware, financial fraud, digital stalking, and the trade of illegal services within the darknet. We demonstrate how these phenomena connect into larger criminal structures and how to identify their digital traces. This is a course that teaches participants to view cybercrime not as isolated incidents but as a consistent, systemic method of operation.
- Nauczyciel: SØREN Forensic Institute
Incident Response is the process of reacting to a cyberattack at the moment it occurs, while Digital Reconstruction is the subsequent analysis aimed at recreating the full sequence of events — from the initial security breach to the attacker’s actions inside the system. This course teaches how to conduct real-time operational activities, minimize damage, secure data, and analyze logs and artifacts in accordance with forensic procedures. We discuss techniques for detecting intrusions, identifying attack vectors, tracking network activity, and interpreting the digital traces left by the offender. Participants also learn methods for rebuilding the chronology of an incident — timeline analysis, event correlation, privilege-escalation identification, and reconstruction of lateral movement. The course emphasizes that responding to an incident requires composure, procedural discipline, and the ability to synthesize information under pressure. It is a key competency for any specialist working in digital forensics.
- Nauczyciel: SØREN Forensic Institute