Course Content

Module 1: Is Windows Forensics Easy?

07:04
1.1 Course Introduction
09:36
1.2 Common Myths
07:50
1.3 Forensic Investigation Methodology

Module 2: Windows Imaging

04:37
2.1 Physical Drive Nomenclature in Windows
09:07
2.2 Logical Drive Nomenclature in Windows
04:21
2.3 Summary of Windows Device Names

Module 3: Imaging with DD

10:13
3.1 Basic dd.exe Operation
05:24
3.2 dd.exe Logical Drive Example
07:57
3.3 Physical Memory
04:47
3.4 Looking at Memory

Module 4: Memory Analysis Tools

10:12
4.1 Memparser
04:39
4.2 Volatility
10:26
4.3 Other Tools

Module 5: Windows Essentials - SID

07:07
5.1 SID (Security Identifier)

Module 6: System Registry

09:20
6.1 Registry Hives
08:39
6.2 New Registry Hives in Windows 8
06:38
6.3 Registry Root Keys
05:39
6.4 Registry Viewer

Module 7: Analysis of Evidence

07:25
7.1 General Registry Info to Look For
05:17
7.2 UserAssist
04:38
7.3 UserAssist Parser

Module 8: Windows Essentials - Windows Prefetch

10:12
8.1 Windows Prefetch

Module 9: Windows Essentials - Restore Points

05:56
9.1 Registry of the Past
06:00
9.2 Restore Point Data

Module 10: Windows Essentials - Recycle Bin

10:27
10.1 Recycle Bin

Module 11: Reviewing Pertinent Files

05:51
11.1 WORD Forensics
03:53
11.2 Pictures
03:57
11.3 Internet History

Module 12: Windows Artifacts

09:25
12.1 Windows Artifacts Part 1
09:07
12.2 Windows Artifacts Part 2

Module 13: USBSTOR

07:42
13.1 USBSTOR
03:58
13.2 USBDeview

Module 14: Steganography

06:54
14.1 Steganography Tools
04:39
14.2 Steganography Lab

Module 15: E-Mail Forensics

10:26
15.1 E-Mail Forensics

Module 16: Course Summary

06:22
16.1 Course Summary

Course Description

Windows Forensics and Tools focuses on building digital forensics knowledge of Microsoft Windows operating systems, as well as some compatible software or tools that can be used to obtain or process information on such systems. Contrary to the common myth, Windows forensics is not easy, even though it is the most commonly analyzed platform in computer forensics. Windows has many undocumented features and does not allow easy access to many of the physical-layer devices, which is needed for bit-level operations. You will learn the general methodology used when performing a forensic analysis, which will be the same for Windows operating systems, the process for imaging in Windows and how to do it using third-party software, as well as some memory analysis tools.

In order to know how to analyze the evidence, some Windows essentials will be covered, such as the system registry (general registry info to look for and where), Windows Prefetch, restore points, the Recycle Bin, pertinent system files, and the structure of important Windows software like e-mail, Office tools and Internet browsers. You will also learn some important concepts like steganography and drive nomenclature in Windows, which are key to understanding how Windows is structured and where the information can be found.

There are labs and tools that will help you practice for a Windows forensics analysis; you will be able to use them and practice with real-life scenarios.

Instructed By

Adalberto Jose Garcia
Instructor

Provided By

Cybrary

Certificate of Completion

Complete this entire course to earn a Windows Forensics and Tools Certificate of Completion