Host forensics is the most hated of all CTF problem types. This is not because the problems are particularly hard or boring, but because some problem authors are lazy and turn the category into a guessing game. Personally, forensics problems are my favorite category: they have the most applicability to real-world jobs, they are very easy to get started with, and when the problems are done correctly, solving one is basically like solving a mystery.
There are a few categories of forensic problems that we will go over in this course, focusing on the ones that appear most frequently in CTF problems. None of this should be confused with what actual forensic analysts do during an incident response; however, many of the skills overlap, and some of the same fundamental principles can be applied to CTF problems.