Digital Forensics and Incident Response exercise

Digital Forensics and Incident Response (DFIR) exercise is an exercise where training audience needs to investigate already happened cyber-attack. DFIR exercise is especially constructed for technical specialist, IT managers, and Security managers to learn how to identify different indicators of compromise, and conduct incident management and incident response.

DFIR exercise is a great tool for organizations to test and evaluate their capabilities on conducting incident response within the organization or with collaboration with their service provider.

Group size

Total of 10 participants


Two work days


JYVSECTEC premises
Piippukatu 2


Attacker campaign

For the DFIR exercise JYVSECTEC’s Red Team experts create realistic attacker campaign. The attacker campaign includes all the different phases of attack:


Gaining foothold

Command and control

Infiltration/ penetration

Internal reconnaissance

Action based on objectives


Lateral movement


The DFIR scenario

The scenario used in the exercise involves a financial company NorthernBank, which provides banking services for Retail&Commerce Companies and consumer customers. In the scenario the bank has a suspicion of a potential breach occurred which needs to investigated by the trainees. Participants have wide variety of tools in use and they will operate as members of Incident response Team created by Bank. Members have access to the Bank IT infrastructure and services.

Example roles for participants

IT Manager

Security manager

Workstation specialists

Security specialists

Network specialists

Log / Security


Are you interested in discussing your organization's needs for cyber security exercise? Let's settle a confidential consultation.