TraceFoundry Academy

Endpoint forensics

Endpoint Evidence Studio (Windows)

This program focuses on practical host-side investigations for internal IT and security responders. Participants work through scenario labs derived from enterprise cases, emphasizing documentation discipline, evidence packaging for stakeholder sign-off, and coordination with service owners. The week blends instructor walkthroughs with paired exercises so teams leave with a concise internal playbook section they can paste into their runbooks.

Duration: 4 days, instructor-led
Format: Hybrid cohort
Program fee (informational): ₩920,000
Start window: 2026-06-09

Outcomes

  • A documented triage sequence your team can run during the first hour of an alert
  • A shared vocabulary between IT operations and security analysts for host evidence
  • Clear packaging steps for internal reviewers without over-scoping the inquiry

Capability    What you practice
Module 1      Scenario labs built from anonymized enterprise incidents
Module 2      Chain-of-custody note templates aligned to quality standards expectations
Module 3      Timeline construction with correlation markers for service owners
Module 4      Volatile data capture checklist tuned for standard laptop builds
Module 5      Memory and disk triage ordering that reduces rework
Module 6      Peer review prompts to keep narratives consistent across shifts
Module 7      Exportable lab workbook for future cohort onboarding

Lead facilitator

Haneul Park

Lead forensics instructor with a background in large-scale enterprise investigations and lab design.

FAQ

Do we need dedicated hardware for every participant?

No. The core exercises run on modest laptops. A small number of optional modules assume access to a USB staging drive your organization approves for training use.

Is this suitable for teams without prior forensics titles?

Yes, if participants are comfortable with Windows administration and basic networking. We do not assume prior courtroom testimony experience.

What is intentionally not included?

We do not provide legal advice, external reviewer representation, or operational warranties about any specific toolchain vendor. The focus stays on internal readiness and documentation quality.

Participant notes

“The Windows timeline lab mirrored how our service desk actually hands off alerts. We adopted the correlation markers for network authentication events the following week.”

Minseo · survey

“Clear pacing, though the third-day module expects you to move quickly. The facilitator notes on evidence packaging were the standout.”

Leah Okonkwo · IT Operations Lead · Northwind Logistics KR

Scenario labs for enterprise IT teams who need calmer investigations, clearer documentation, and stronger cross-team rehearsals.

Serving IT operations leads and security analysts. Based in Seoul.

12 Teheran-ro 14-gil, Gangnam-gu
Seoul 06292
+82 2 3456 7821

© 2026 TraceFoundry Academy. Training services described on this site are informational only.