Senior Instructor

Chris Daywalt

Security Freelancer

Chris Daywalt is a security freelancer in the defensive space who spends much of his day doing and teaching Digital Forensics and Incident Response (DFIR).

See More
Rating
35
courses
courses

Courses

false
true
false
Course
1
H:
50
M
1
CEUS

Examining File Operations

In this hands-on lab, you will learn about file operations as a source of evidence in the context of a forensic investigation. You will practice you examining traces of actions performed involving files, such as files being created, modified, moved, opened, etc.

Learn More & Enroll
false
true
false
Course
1
H:
20
M
1
CEUS

Windows Execution Artifacts (Part 2)

In this hands-on lab, you will learn to discover and analyze artifacts generated by execution in Windows systems. You will practice identifying evidence of execution under specific conditions and attributing that evidence to user accounts. Part 2 of 2.

Learn More & Enroll
false
true
false
Course
1
H:
50
M
1
CEUS

Windows Execution Artifacts (Part 1)

In this hands-on lab, you will learn to discover and analyze artifacts generated by execution in Windows systems. You will practice identifying evidence of execution under specific conditions and attributing that evidence to user accounts. Part 1 of 2.

Learn More & Enroll
false
true
false
Course
H:
30
M
1
CEUS

Windows Local User Accounts

In this hands-on lab, you will learn how to examine local user accounts on Windows systems for forensic evidence. You will practice identifying user accounts and basic configuration details about them.

Learn More & Enroll
false
true
false
Course
H:
M
1
CEUS

File Systems

In this hands-on lab, you will be introduced to file systems from the perspective of digital forensics. You will practice by analyzing a file system to identify important pieces of data regarding files of interest.

Learn More & Enroll
false
true
false
Course
H:
50
M
1
CEUS

Evidence Acquisition

In this hands-on lab, you will learn the basics of digital forensic acquisition. You will practice acquiring evidence using two tools: dc3dd and FKT Imager.

Learn More & Enroll
false
true
false
Course
0
H:
15
M
0
CEUS

Royal Ransomware Group: Campaign Overview

In this brief course, you will be introduced to the Royal Ransomware Group Threat Actor Campaign.

Learn More & Enroll
true
false
false
Course
1
H:
30
M
1
CEUS

Memory Acquisition and Examination

In this hands-on lab, you will learn the basics of memory forensics. You will practice acquiring and examining evidence from system memory on a Windows system.

Learn More & Enroll

About Chris Daywalt

After too many years of security operations work, Chris Daywalt tries to turn his phone off at 5:00 pm EST. While there are a bunch of training classes and education somewhere on his resume, much of what he has to teach was learned at the school of hard knocks, often at the expense of his previous clients. He wants to help you spend more time detecting and denying adversaries and less time banging your head against your keyboard. He dips his blueberry donuts in orange juice.

Chris’ 19-year career includes work for organizations of all sizes, both government and private sector, and is distributed roughly like so:

  • 30% doing DFIR
  • 30% teaching DFIR
  • 20% monitoring and detection engineering
  • 15% risk assessment
    • 5% other stuff, like sneaking in a game of Plants vs. Zombies or taking a quick nap at the desk (Don’t judge - I work overtime)