Free

Windows Forensics and Tools

Do you have a basic understanding of the Windows operating system, but want to learn more about digital forensics? This Windows Forensics and Tools course focuses on building digital forensics knowledge of Microsoft Windows operating systems, as well as compatible software or tools that can be used to obtain or process information in such systems.
4
12
M
Time
beginner
difficulty
4
ceu/cpe

Course Content

14.1 Steganography Tools

7m

Module 14: Steganography
15.1 E-Mail Forensics

10m

Module 15: E-Mail Forensics
8.1 Windows Prefetch

10m

Module 8: Windows Essentials - Windows Prefetch
10.1 Recycle Bin

10m

Module 10: Windows Essentials - Recycle Bin
12.1 Windows Artifacts Part 1

10m

Module 12: Windows Artifacts
9.1 Registry of the Past

6m

Module 9: Windows Essentials - Restore Points
13.1 USBSTOR

8m

Module 13: USBSTOR
7.1 General Registry Info to Look For

7m

Module 7: Analysis of Evidence
6.1 Registry Hives

10m

Module 6: System Registry
5.1 SID (Security Identifier)

7m

Module 5: Windows Essentials - SID
3.1 Basic dd.exe Operation

10m

Module 3: Imaging with DD
4.1 Memparser

10m

Module 4: Memory Analysis Tools
1.1 Course Introduction

7m

Module 1: Is Windows Forensics Easy?
11.1 WORD Forensics

6m

Module 11: Reviewing Pertinent Files
16.1 Course Summary

7m

Module 16: Course Summary
14.2 Steganography Lab

5m

Module 14: Steganography
11.3 Internet History

4m

Module 11: Reviewing Pertinent Files
12.2 Windows Artifacts Part 2

9m

Module 12: Windows Artifacts
13.2 USBDeview

4m

Module 13: USBSTOR
9.2 Restore Point Data

6m

Module 9: Windows Essentials - Restore Points
7.2 UserAssist

5m

Module 7: Analysis of Evidence
6.2 New Registry Hives in Windows 8

8m

Module 6: System Registry
3.2 dd.exe Logical Drive Example

5m

Module 3: Imaging with DD
4.2 Volatility

5m

Module 4: Memory Analysis Tools
Course Description

Windows forensics and tools focuses on building digital forensics knowledge of Microsoft Windows operating systems, as well as some compatible software or tools that can be used to obtain or process information in such systems. Opposite to the common myth, Windows forensics is not easy, even when it is the most commonly analyzed platform in computer forensics, Windows has many Undocumented features and does not allow easy access to many of the physical layer devices, which is needed for bit level operations. You will learn the general methodology used when performing a forensics analysis, which will be the same for Windows operating systems, the process for imaging in Windows and how to do it using third party software, as well as some memory analysis tools.

In order to know how to analyze the evidence, some Windows essentials will be covered, such as System registries (general registry info to look for and where), Windows Prefetch, restore points, Recycle Bin, pertinent system’s files and the structure of important Windows software like E-mail, Offices tools and Internet browsers. You will also learn some important concepts like Steganography and the Drive Nomenclature in Windows, which are key to understand how Windows is structured and where the information can be found.

There are labs and tools that will help you practice for a Windows Forensics Analysis, you will be able to use them and practice with real-life scenarios.

This course is part of a Career Path:
No items found.

Instructed by

No items found.
Provider
Cybrary Logo
Certification Body
Certificate of Completion

Complete this entire course to earn a Windows Forensics and Tools Certificate of Completion