Accelerated Windows Trace and Log Analysis


Slides for training agenda and exercises
Slides for patterns part from the training
Slides for malware narrative part from the training

Feel frustrated when opening a software trace with millions of messages from hundreds of software components, threads, and processes? Go beyond simple CPU and disk hog monitoring or plain text searches for errors, and learn how to analyze software traces and logs from complex software environments efficiently and effectively. In addition to a theoretical part, the practical illustrations, examples, and exercises cover Microsoft Event Tracing for Windows (ETW), Procmon, OSQuery, Windows Performance Analyzer, and PerfView. The course teaches trace and log analysis using the pattern-oriented analysis of abnormal software behavior incidents pioneered by Software Diagnostics Institute.

Prerequisites: Basic Windows troubleshooting.

Audience: Software technical support and escalation engineers, system administrators, security researchers, incident response professionals, software developers, platform engineers, DevSecOps and SRE, and quality assurance engineers.

The course includes the following materials in PDF format:

When you purchase the PDF book you additionally get a free named-user Software Diagnostics Library membership with access to more than 200 cross-referenced patterns of trace and log analysis.

The training includes exercises with complete recording. There is an option to buy 14 volumes of Memory Dump Analysis Anthology in PDF format together with the course.
