FALCON 280: Investigating With Falcon Forensics
FALCON 280: Investigating with Falcon Forensics is an advanced one-day course that focuses on mastering CrowdStrike Falcon® Forensics for host-based investigations and artifact analysis. Through hands-on exercises and an extensive capstone, participants learn to navigate and use Falcon Forensics' dashboards, including the Windows Hunting Leads, Host Timeline, and Host Info dashboards. The course emphasizes practical use of CQL (CrowdStrike Query Language) queries and dashboard customization to analyze and report on forensic artifacts effectively.
Course Highlights:
- Investigation techniques using the Windows Hunting Leads, Host Timeline, and Host Info dashboards
- Advanced CQL query development with macro implementation
- Creation and export of custom dashboards and templates
- Pivoting investigations using Advanced Event Search queries
- Generation of custom dashboard reports and data exports