• PA Consulting logo

Introduction to Digital Forensics: Malware Analysis and Investigations

Learn to identify malware on a computer system to understand how to prevent malware attacks and enhance your cyber security.

A computer screen with a pink malware warning sign.
  • Duration

    3 weeks
  • Weekly study

    3 hours

Discover the fundamentals of malware

Malware can cause serious issues for businesses worldwide, and attacks are prevalent. Almost 10 billion malware attacks are estimated to have taken place in 2019 alone.

On this three-week course, you’ll learn the essentials of what malware is, how it works, and how malware is used to extract personal data for private gain.

Discover how malicious software infects your computer

Malware is ‘malicious software’ designed to harm or exploit any programmable device, service, or network.

You’ll learn how to identify malware on a computer system, as well as the different types of malware. With this understanding, you’ll know how to spot a potential attack, protecting your data and devices.

Explore why malware analysis is important

You’ll examine different malware categories and analyse how these categories are similar and how they differ.

This will help you grasp how Windows 10 stores information about programs being executed, and how the New Technology File System stores metadata.

With this knowledge, you’ll be able to communicate the importance of malware analysis to help protect your organisation.

Examine virus and malware removal with industry leaders

You’ll discover the best practice for virus and malware removal to help you reduce the harm from an attack, should one occur.

Learning from PA Consulting’s Steve Shepherd – an international expert in digital forensics and cybercrime – you’ll discover the history of malware, and learn key cyber skills that are in demand today.


  • Week 1

    Understanding malware

    • ExpertTrack Courses

      Introduction to ExpertTrack Learning

    • Welcome to the course

      Course welcome and instructor biography

    • Quiz - Let's test your cyber knowledge

      Short quiz to understand the background knowledge required to become a competent malware investigator

    • Let's discuss the quiz

      Open discussion on the competences quiz

    • Week one introduction

      An introduction to the content of week one by the course author

    • History of malware

      Brief history on the origins of malware

    • Categories of malware

      An explanation of malware categories

    • Describing categories of malware

      Understanding the differences between the malware categories

    • End of week test

      A short test to confirm week 1 learning points

  • Week 2

    Malware infection and persistent methods

    • Week two introduction

      An introduction to the content of week two by the course author

    • Malware Terminology

      Understanding the terminology used in malware investigations

    • Infection Methods

      The methods by which malware can be downloaded onto a computer

    • Persistence Methods

      The methods by which malware can persist on a computer

    • Obfuscation Methods

      The methods and techniques malware can obfuscate itself to avoid detection

    • End of week 2 test

      A short test to confirm week 2 learning points

    • Week two review

      Review of week two

    • Peer Graded Assessment

      Conduct research on a malware infection

  • Week 3

    Operating System & File System Basics

    • Week three introduction

      An introduction to the content of week three by the course author

    • Windows 10 Operating System

      Overview of Windows 10 operating system artefacts

    • NT File System

      An overview of the NT File System

    • End of week test

      A short test to confirm week 3 learning points

    • Week three review

      Review of week three

Learning on this course

On every step of the course you can meet other learners, share your ideas and join in with active discussions in the comments.

What will you achieve?

By the end of the course, you‘ll be able to...

  • Demonstrate the technical knowledge required to conduct basic Windows Malware Investigations.
  • Collect certain data artifacts to assist in the identification of malware presence and or infection on a Windows computer.
  • Design a logical structure to investigate malware presence and or infection on a Windows computer.
  • Explain the differences between malware categories and capabilities.

Who is the course for?

This course is designed for anyone interested in learning more about malware.

You could be an IT student, digital forensic analyst, cyber incident responder, or IT security officer looking to enhance your digital forensic skills.

What software or tools do you need?

No specific computer type is needed to complete this course, however, a Windows Operating System would be beneficial if you wish to identify operating system and file system artifacts on your own computer.

Who will you learn with?

Steve is a incident response consultant who specializes in cyber and malware investigations. Steve also authors and delivers cyber technical training courses to both public and private sector clients.

Who developed the course?

PA Consulting

An independent firm of over 2,600 people, we operate globally from offices across the Americas, Europe, the Nordics, the Gulf and Asia Pacific.

Learning on FutureLearn

Your learning, your rules

  • Courses are split into weeks, activities, and steps to help you keep track of your learning
  • Learn through a mix of bite-sized videos, long- and short-form articles, audio, and practical activities
  • Stay motivated by using the Progress page to keep track of your step completion and assessment scores

Join a global classroom

  • Experience the power of social learning, and get inspired by an international network of learners
  • Share ideas with your peers and course educators on every step of the course
  • Join the conversation by reading, @ing, liking, bookmarking, and replying to comments from others

Map your progress

  • As you work through the course, use notifications and the Progress page to guide your learning
  • Whenever you’re ready, mark each step as complete, you’re in control
  • Complete 90% of course steps and all of the assessments to earn your certificate

Want to know more about learning on FutureLearn? Using FutureLearn

Get a taste of this course

Find out what this course is like by previewing some of the course steps before you join: