Creating a Baseline Using the Windows Forensic Toolchest (WFT)

Did you know Cybrary has FREE video training? Join more than 2,500,000 IT and cyber security professionals, students, career changers, and more, growing their careers on Cybrary.

Time: 30 minutes
Difficulty: Intermediate

Students will run Windows Forensic Toolchest against an existing system to create a baseline that will be used for future analysis.

Overview

Creating a Baseline Using the Windows Forensic Toolchest (WFT) is a Cybrary Lab intended for students at the Intermediate|Advanced level. It teaches how to create a baseline of running services, installed services, and key registry entries with the WFT, and is targeted toward the Cyber Defense Forensics Analyst path. Upon successful completion of the lab, the student will be able to create and analyze WFT baselines. The lab takes 30 minutes to complete.

Through a practical scenario, this lab proposes the following tasks:

  • Create a baseline with the WFT (Windows Forensic Toolchest)
  • Create a baseline of running services with the WFT
  • Create a baseline of installed services with the WFT
  • Create a baseline of key registry entries with the WFT
  • Analyze the output of the created baseline

By comparing their own baseline with a previously existing baseline, the student will be able to identify relevant modifications that may indicate compromise in a variety of data, including:

  • Running Processes
  • System handles
  • Disk usage
  • Modified, Accessed, Created (MAC) times for files
  • Key registry entries
  • User accounts
  • System tasks
  • Scheduled tasks

Click on the launch button to start the lab.

In Creating a Baseline Using the Windows Forensic Toolchest (WFT), students will learn about baseline analysis, which involves producing a baseline, understanding it, and analyzing its content. Utilizing a deployable forensics toolkit to support operations as necessary is a key part of the Cyber Defense Forensics Analyst role.

Creating a Baseline Using the Windows Forensic Toolchest (WFT) is presented by Cybrary and was created by CybrScore.

Creating a Baseline Using the Windows Forensic Toolchest (WFT) is part of the Cyber Defense Forensics Analyst path. Completion of the lab means that the student has understood how to create and analyze WFT baselines.
