Free

Windows Forensics and Tools

Do you have a basic understanding of the Windows operating system, but want to learn more about digital forensics? This Windows Forensics and Tools course focuses on building digital forensics knowledge of Microsoft Windows operating systems, as well as compatible software or tools that can be used to obtain or process information in such systems.

Start Course Subscribe for Updates Need to train your team? Learn more

Create Free Account Need to train your team? Learn more

Time

beginner

difficulty

ceu/cpe

Course Content

Module 1: Is Windows Forensics Easy?

Module 2: Windows Imaging

Module 3: Imaging with DD

Module 4: Memory Analysis Tools

Module 5: Windows Essentials - SID

Module 6: System Registry

Module 7: Analysis of Evidence

Module 8: Windows Essentials - Windows Prefetch

Module 9: Windows Essentials - Restore Points

Module 10: Windows Essentials - Recycle Bin

Module 11: Reviewing Pertinent Files

Module 12: Windows Artifacts

Module 13: USBSTOR

Module 14: Steganography

Module 15: E-Mail Forensics

Module 16: Course Summary

Course Description

Windows forensics and tools focuses on building digital forensics knowledge of Microsoft Windows operating systems, as well as some compatible software or tools that can be used to obtain or process information in such systems. Opposite to the common myth, Windows forensics is not easy, even when it is the most commonly analyzed platform in computer forensics, Windows has many Undocumented features and does not allow easy access to many of the physical layer devices, which is needed for bit level operations. You will learn the general methodology used when performing a forensics analysis, which will be the same for Windows operating systems, the process for imaging in Windows and how to do it using third party software, as well as some memory analysis tools.

In order to know how to analyze the evidence, some Windows essentials will be covered, such as System registries (general registry info to look for and where), Windows Prefetch, restore points, Recycle Bin, pertinent system’s files and the structure of important Windows software like E-mail, Offices tools and Internet browsers. You will also learn some important concepts like Steganography and the Drive Nomenclature in Windows, which are key to understand how Windows is structured and where the information can be found.

There are labs and tools that will help you practice for a Windows Forensics Analysis, you will be able to use them and practice with real-life scenarios.

This course is part of a Career Path:

No items found.

Instructed by

Instructor

Adalberto Jose Garcia

I was born in the Colombia's Caribbean Coast, surrounded by the sun, the sea and very joyful people. As my childhood was during the 90’s and the beginning of the 2000s, I grew up seeing how the technology was advancing and how the internet was taking over. My interest for this new thing called computers was born and I wanted to know everything about them. I was a curious child, always searching for answers and new things to do and learn, thanks to my parents I was able to develop my curiosity by taking painting classes, swimming lessons, and even music lessons once! (Although I need to clarify that music is not my thing), they bought a Computer when they realized that I was really interested in this field.

For that, when I finished school, I chose an undergraduate program in Systems Engineer, which focuses in Computer sciences and all the different areas where we can develop our knowledge.

Provider

Certification Body

Certificate of Completion

Complete this entire course to earn a Windows Forensics and Tools Certificate of Completion

Page URL

Copy