CSI Linux Certified OSINT Analyst

The CSI Linux Certified-OSINT Analyst (CSIL-COA) is an open-source intelligence and investigation certification that applies to Data Collection, Analysis, and Reporting of open source information to help provide actionable intelligence to decision-makers.

Who is C-OSINT-A For?

  • Law Enforcement
  • Intelligence Personnel
  • Private Investigators
  • Insurance Investigators
  • Cyber Incident Responders
  • Digital Forensics (DFIR) analysts
  • Penetration Testers
  • Social Engineers
  • Recruiters
  • Human Resources Personnel
  • Researchers

Domain Weights

  • OPSEC (%13)
  • Technology Basics (%20)
  • Laws, Ethics, and Investigations (%9)
  • Identification (%16)
  • Collection & Preservation (%13)
  • Examination & Analysis (%13)
  • Presentation & Reporting (%14)

Exam Format

  • Online
  • 85 questions
  • 2 hours
  • A minimum passing score of 85%

Getting Started With CSI Linux

This course covers how to get started with CSI Linux.

What you will learn

  • Downloading and installing
    • Installing the Virtual Appliance
    • Installing onto a Bootable drive
  • Updating the system
  • Routing your traffic through Tor
    • Using the CSI TorVPN
    • Using the CSI Gateway with Whonix Virtual Machine Gateway
  • Using the Case Management System
  • and more...

General Linux Administration

This course has material that will help you learn how to navigate Linux and Bash scripting.  This will help you manage, troubleshoot, and add automation to your CSI Linux platform.

Cyber Forensics Framework

Coming soon...

This course will walk you through our Cyber Forensics Framework which is the baseline for all cyber-related investigations.  We do reference NIST and other public documentation, but this framework is designed from the ground up by subject matter experts in the field with the main goal of keeping your evidence and findings admissible in court.

Online Investigation

Coming Soon...

This course will cover the basics of doing an online or Internet-based investigation, including understanding the basics of networking, challenges of jurisdictions, identifying responsible parties, preservation letters, and how to capture the evidence following industry standards for presentation in court.  This course should be taken before OSINT, Dark Web Investigations, or SOCMINT to give you a good baseline to work from.

Open Source Intelligence and Investigation

CSI Linux Open Source Intelligence (OSINT) and Investigation Course

Do you want to know what your competitors or hackers know about you?  Are you investigating a suspect or potential employee?  Many of the attackers' tools, techniques, and procedures can be used by those investigating.  This course goal is to gather information on a suspect or target using the information found on the Internet.

This course covers the following sections: Base Process of Investigations, Preserving Online Evidence, Phone Numbers and Info, IP Addresses, Proxies, and VPNs, DNS, Domains, and Subdomains, Importance of Anonymity, Online Investigation Subjects, Setting up an Online Web Persona, Using your persona to investigate, Website Collection, 3rd Party Commercial Apps, Tracking changes and getting alerts, Public Records Searches, Geolocation, Online Investigations With Images., Social Media Sites, What is Crypto Currency, OSINT Frameworks (tools), Writing the Report, Case Studies, Practicing OSINT and Resources, and more.

Social Media Intelligence and Investigation


This course goal is to gather information on a suspect or target using their Social Media information. Do you want to know what your competitors or enemies know about you?  These are the same techniques we use during the reconnaissance or OSINT process but focus directly on the target's Social Media presence.

The modules included are Importance of Anonymity, Base Process of Investigations, Preserving Online Evidence, Online Investigation Subjects, setting up a Sock Puppet, 3rd Party Commercial Apps, Terms of Service Challenges, tracking changes and getting alerts, Online Investigations with Images, Facebook, Twitter, Instagram, and others, Dating Sites, using your persona to investigate, Writing the Report, Case Studies, Practicing OSINT and Resources, and more

Cryptocurrency Analysis

Coming Soon...

This course will cover blockchain and ledger analysis along with how many of the common cryptocurrencies work.  We will also look at the CSI Linux Project Hades™ integration to see if the crypto wallet was used on a Dark Web site.

Dark Web Investigation

CSI Linux Dark Web Investigation Certification Course

You will learn about the basics of Dark Web investigations, including Dark Markets, Crypto Currency, tools to connect to Tor & I2P, and resources to help you investigate activity over Dark Web networks.   The main goal is to help gather and preserve evidence for court.

The modules in this course cover: What is the Darknet/Dark Web, Preserving Online Evidence, Base Process of Investigations, Importance of Anonymity, Connecting to Tor, Navigating the Dark Web (Tor), De-Anonymizing Tor, Other Onion Routing Dark Nets, Setting up a Dark Web Persona, What is Crypto Currency, Dark Web Investigation Subjects, Resources, Writing the Report, Case Studies, and more.

You will also be prepared to take the Certified Dark Web Investigator (CDWI) test.

Incident Response and Risk Management

This is a CSI Linux Incident Response and CompTIA Cybersecurity Analyst+ (CySA+) combined course.  In this course, you will learn everything you need to know to pass the CySA+ along with gaining key skills that will allow you to test security and identify risks.  It is suggested you use CSI Linux because there are many labs in this course.  

The CompTIA Cybersecurity Analyst+ examination is designed for IT security analysts, vulnerability analysts, or threat intelligence analysts. The exam will certify that the successful candidate has the knowledge and skills required to configure and use threat detection tools, perform data analysis, and interpret the results to identify vulnerabilities, threats, and risks to an organization with the end goal of securing and protecting applications and systems within an organization.”

  • This course will teach you the fundamental principles of using threat and vulnerability analysis tools plus digital forensic tools 
  • Aimed at IT professionals with (or seeking) job roles such as IT Security Analyst, Security Operations Center (SOC) Analyst, Vulnerability Analyst, Cybersecurity Specialist, Threat Intelligence Analyst, and Security Engineer
  • Identify tools and techniques to use to perform an environmental reconnaissance of a target network or security system.
  • Collect, analyze, and interpret security data from multiple log and monitoring sources.
  • Use network host and web application vulnerability assessment tools and interpret the results to provide effective mitigation.
  • Understand and remediate identity management, authentication, and access control issues.
  • Participate in a senior role within an incident response team and use forensic tools to identify the source of an attack.
  • Understand the use of frameworks, policies, and procedures and report on security architecture with recommendations for effective compensating controls
Trainer/in: Richard Medlin

Malware Analysis Level 1

Coming Soon...

This beginners level course covers Dynamic analysis of malware.  This assumes you have a strong grasp in OS basics, networking, and virtualization.

Malware Analysis Level 2

Coming Soon...

This Intermediate level course covers both Dynamic and Static reverse engineering of malware.  This assumes you have already completed the Reverse Engineering Level 1 and Malware Analysis Level 1 courses.

Penetration Testing and Exploitation

Knowing how to think like the enemy is a massive advantage when trying to defend against or track them down.  This course focuses on the offensive side of security while preparing you for the CSI Linux Penetration Testing and Exploitation, EC-Council Certified Ethical Hacker (CEHv11), and CompTIA's Pentest+ certifications.  By the end of the training, you will have learned the base process of conducting a penetration test risk assessment to identify and take advantage of weaknesses and vulnerabilities.  You will also have access to a large test back to help you prepare for the three certifications listed above.

Trainer/in: Richard Medlin

Pivoting and Tunneling Traffic

This course covers how to communicate system to system during an assessment.  One of the biggest challenges is that you found a vulnerability to exploit, but you run into a road block...  The firewall is blocking incoming connections outside the vulnerable port or you don't have a static IP address.  As ethical hackers and pen testers, we may be working out of a hotel room at night.  How can you connect to the target systems on the inside of their network?  This course explains the challenges in depth and walks through solutions to many of these common challenges.