Windows Forensics and Tools

Name: Windows Forensics and Tools
Rating: 3.46 (56 reviews)

Do you have a basic understanding of the Windows operating system, but want to learn more about digital forensics? This Windows Forensics and Tools course focuses on building digital forensics knowledge of Microsoft Windows operating systems, as well as compatible software or tools that can be used to obtain or process information in such systems.

Time

4 hours 15 minutes

Difficulty

Beginner

CEU/CPE

3.5

NEED TO TRAIN YOUR TEAM? LEARN MORE

Join over 3 million cybersecurity professionals advancing their career

Required fields are marked with an *

View all SSO options

Already have an account? Sign In »

Course Content

Module 1: Is Windows Forensics Easy?

1.1 Course Introduction

FREE

1.2 Common Myths

FREE

1.3 Forensic Investigation Methodology

FREE

Module 2: Windows Imaging

2.1Physical Drive Nomenclature in Windows

FREE

2.2Logical Drive Nomenclature in Windows

FREE

2.3Summary of Windows Device Names

FREE

Module 3: Imaging with DD

3.1Basic dd.exe Operation

FREE

10m

3.2dd.exe Logical Drive Example

FREE

3.3Physical Memory

3.4Looking at Memory

Module 4: Memory Analysis Tools

4.1Memparser

10m

4.2Volatility

4.3Other Tools

10m

Module 5: Windows Essentials - SID

5.1SID (Security Identifier)

Module 6: System Registry

6.1Registry Hives

6.2New Registry Hives in Windows 8

6.3Registry Root Keys

6.4Registry Viewer

Module 7: Analysis of Evidence

7.1General Registry Info to Look For

7.2UserAssist

7.3UserAssist Parcer

Module 8: Windows Essentials - Windows Prefetch

8.1Windows Prefetch

10m

Module 9: Windows Essentials - Restore Points

9.1Registry of the Past

9.2Restore Point Data

Module 10: Windows Essentials - Recycle Bin

10.1Recycle Bin

10m

Module 11: Reviewing Pertinent Files

11.1WORD Forensics

11.2Pictures

11.3Internet History

Module 12: Windows Artifacts

12.1Windows Artifacts Part 1

12.2Windows Artifacts Part 2

Module 13: USBSTOR

13.1USBSTOR

13.2USBDeview

Module 14: Steganography

14.1Steganography Tools

14.2Steganography Lab

Module 15: E-Mail Forensics

15.1E-Mail Forensics

10m

Module 16: Course Summary

16.1Course Summary

Course Description

Windows forensics and tools focuses on building digital forensics knowledge of Microsoft Windows operating systems, as well as some compatible software or tools that can be used to obtain or process information in such systems. Opposite to the common myth, Windows forensics is not easy, even when it is the most commonly analyzed platform in computer forensics, Windows has many Undocumented features and does not allow easy access to many of the physical layer devices, which is needed for bit level operations. You will learn the general methodology used when performing a forensics analysis, which will be the same for Windows operating systems, the process for imaging in Windows and how to do it using third party software, as well as some memory analysis tools.

In order to know how to analyze the evidence, some Windows essentials will be covered, such as System registries (general registry info to look for and where), Windows Prefetch, restore points, Recycle Bin, pertinent system’s files and the structure of important Windows software like E-mail, Offices tools and Internet browsers. You will also learn some important concepts like Steganography and the Drive Nomenclature in Windows, which are key to understand how Windows is structured and where the information can be found.

There are labs and tools that will help you practice for a Windows Forensics Analysis, you will be able to use them and practice with real-life scenarios.

Instructed By