Trace the Fault: Troubleshooting Workflows
Hypothesis trees, evidence logging, and vendor hand-offs without narrative gaps.
Description
Each week introduces a different failure domain—identity, network path, client performance—with reproducible steps. You keep a single evidence log per case that an engineer can continue without re-interviewing the customer.
What is included
- Versioned repro notebooks
- Vendor boundary checklist
- Packet capture interpretation primer (read-only)
- Paired escalation rehearsals
- Office hour with lab engineer
- Capstone incident with incomplete notes (by design)
- Exportable evidence log template
Outcomes
- Produce logs that survive a tier-2 pickup
- State falsifiable hypotheses before touching config
- Document rollback paths before risky changes
FAQ
Do we install sniffers?
We review captures generated in the lab. Installing production sniffers without approval is out of scope and discouraged.
Linux coverage?
Primarily Windows and macOS userland. A Linux appendix exists but is self-paced text only.
Can we bring internal tools?
Yes, during week five office hours, subject to confidentiality rules signed at intake.
Participant notes
Vendor hand-off checklist alone saved us a recurring fight with a firewall vendor. Capstone was brutal in a useful way.
I liked the evidence log discipline. Less enamoured with the packet section—still valuable, just dense.