Creating a Baseline Using the Windows Forensic Toolchest (WFT)

CYBRScore
Virtual Lab

Students will run Windows Forensic Toolchest against an existing system to create a baseline that will be used for future analysis.

Time
30 minutes
Difficulty
Intermediate
5.0
Share
NEED TO TRAIN YOUR TEAM? LEARN MORE
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
or

Already have an account? Sign In »

Overview

Creating a Baseline Using the Windows Forensic Toolchest (WFT) is a Cybrary Lab intended for students of Intermediate|Advanced level. Creating a Baseline Using the Windows Forensic Toolchest (WFT) teaches how to create a baseline of running services, installed services and registries key with the WFT, and is targeted toward Cyber Defense Forensics Analyst path. Upon successful completion of Creating a Baseline Using the Windows Forensic Toolchest (WFT), the student will be able to create and analyze WTF baselines. Creating a Baseline Using the Windows Forensic Toolchest (WFT) takes 30min to complete.

Through a practical scenario this laboratory proposes the following tasks:

  • Create a baseline with the WFT (Windows Forensic Toolchest)
  • Create a baseline of running services with the WFT
  • Create a baseline of installed services with the WFT
  • Create a baseline of key registries with the WFT
  • Analyze the output of the created baseline

By comparing your own baseline with a previously existing baseline, the student will be able to identify relevant, possibly compromised, modifications in a variety of data, including:

  • Running Processes
  • System handles
  • Disk usage
  • Media Access Control (MAC) times for files
  • Key registry entries
  • User accounts
  • System tasks
  • Schedules tasks

Click on the launch button to start the lab.

In Creating a Baseline Using the Windows Forensic Toolchest (WFT), students will learn about baseline analysis, which involves produce and understand a baseline, analyzing its content. Utilize deployable forensics toolkit to support operations as necessary is a key part of the Cyber Defense Forensics Analyst.

Creating a Baseline Using the Windows Forensic Toolchest (WFT) is presented by Cybrary and was created by CybrScore.

Creating a Baseline Using the Windows Forensic Toolchest (WFT) is part of the Cyber Defense Forensics Analyst path. Completion of Creating a Baseline Using the Windows Forensic Toolchest (WFT) means that the student has understood how to create and analyze WTF baselines.

Click on the launch button to start the lab.