“Investigation Theory” is a comprehensive course designed to equip security analysts with the mindset and skills needed to effectively investigate threats, respond to incidents, and analyze alerts. The course covers various aspects of the investigation process and focuses on fundamental principles rather than specific tools. Key topics include understanding the investigation process, organizing evidence, asking the right questions, making meaning from data, creating investigation playbooks, leveraging threat intelligence, developing threat-hunting skills, recognizing and limiting bias, and effectively communicating findings.

The course is delivered in a structured format, with lectures, labs, exercises, bonus content, and reading recommendations. It is designed to be completed at the student’s convenience, with recommended 10-week or accelerated 5-week paths. The course includes over 30 hours of video lectures, hands-on lab exercises using the Investigation Ninja tool, participation in a student charitable profit-sharing program, and 6 months of access to course materials.

Upon completion, students receive a Certification of Completion and can earn Continuing Education Credits (CPEs/CEUs). This course aims to provide a deep understanding of the investigative process, enabling security analysts to effectively identify and mitigate security threats.

This course does not have a certification component.

Reviews by Wirebiters.com
 by Linkavych
Must Take Course (2023)

Difficulty: 2 out of 5.

Course: Investigation Theory
Vendor: Applied Network Defense
Course Author: Chris Sanders
URL: https://www.networkdefense.io/library/investigation-theory-17444/468070/about/
Date Completed: 2023-10-23
Certification: N/A

This should be a required course for anyone working in information security.

The course walks you through the how and why behind investigating incidents, asking questions, and building your base of knowledge to steadily improve throughout your career. No, there is no cert tied to the course, but that should not diminish its value to you if you're considering it.
At present (2023) the course costs $647, with six months of access to the materials and hands-on labs.

Even if you have been working in incident response or as a SOC analyst for some time, this course WILL make you a better analyst.

Further, if you're in offensive security, I would contend that you have just as much to gain from a course like this - it better prepares you for how analysts will examine and question the data in their networks and respond to your tests.

Chris teaches the course in a very engaging way, and guides you through how to build a career-long self-education method for continuing to grow in information security.

If you manage a SOC, or other team of analysts, I would consider making this required training (and providing the funding for it).

If you're an individual just getting started, or already have a wealth of experience, you will gain value from taking this course - as will your peers.