< All Computer Hacking and Forensics Notes

YoussefM | Computer and Hacking Forensics | Module 8 – Windows Forensics

By: YoussefM | Related Course: Computer Hacking and Forensics | Published: November 11, 2017 | Modified: December 28, 2017
Join Cybrary

NotepadWindows Forensics

Welcome to Module 8, Windows Forensics.  Of all the modules in the Computer Hacking & Forensics course, Windows Forensics is the most priceless in terms of knowledge gained and hands on experience required.


Windows Forensic Analysis focuses on the critical and in-depth digital forensics knowledge of the Microsoft Windows operating system.

You’ll learn about volatile vs. nonvolatile information, what it is and why it’s significant.  Forensic analysis would look at unauthorized open files, connections, clipboard activities and content, all these components are examples of volatile information as it relates to you determining what someone would be looking to modify.

We’ll also discuss at length how to profile a system, what tools to utilize and how to establish an accurate profile. You’ll learn the value of memory analysis, cookie & cache analysis and other targets that when complete will comprise a complete system profile.

Module 8, Windows Forensics has the following demonstration labs to help build your expertise:

  • Date Time Lab
  • Kdirstat Lab
  • Net File Lab
  • Net Session Lab
  • Net Statistics Lab
  • PSFile Lab
  • PSLoggedOn Lab
  • Regedit vs Regedt32 Comparison Lab
  • stat command Lab
  • Total Commander Lab

NotepadWindows Forensics Date Time Lab

Windows Forensics Date Time Lab

The Date Time lab demonstrates a date and time setting utility run from the command prompt, a function typically exercised in system/network administration.

It is syntax specific and you’ll observe a demonstration on how to use this utility set and reset the date and time stamps of the system.

NotepadWindows Forensics Kdirstat Lab

Windows Forensics Kdirstat Lab

Welcome to the new world of visual hard drive analysis.  Kdirstat is a software analytics tool that unlike other hard drive analytics which is static data, gives you a visual perspective of what is happening with and in a hard drive system.

This Kdirstat lab demonstrates both visual analytics and well as some cleanup and other functions for an entirely different perspective on conducting storage resource analysis.

NotepadWindows Forensics Net File Lab

Net File is a command line utility that demonstrates for you whether or not files are open or closed on the network share drive.

The Net File lab shows what you can do remotely to confirm sever-side if files are open, and how to use the utility to closing an open file on the network.


< All Computer Hacking and Forensics Notes
Join Cybrary

Our Revolution

We believe Cyber Security training should accessible for everyone, everywhere. Everyone deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is the world's largest community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

We recommend always using caution when following any link

Are you sure you want to continue?