Overview
In this lab, you will learn how to search through a forensic disk image in dd format to find artifacts related to an intrusion on a Windows Server. A hacker’s dream is to compromise a Windows Server, especially a domain controller, because they can leverage the Domain administrator account to control most of the other systems within in the network. The relevant forensic artifacts from a Windows Server include log files, event viewer files, and registry entries.
![](https://cdn.prod.website-files.com/63eef1be981a383fb127661f/6468eae8ab58adc3583d03b2_Forensic_Analysis_of_Windows_Server.jpeg)
Learning Partner
![Infosec Learning](https://cdn.prod.website-files.com/63eef1be981a383fb127661f/647452bb8f7e2196a152921c_INFOSEC-final-logo-CMYK.png)
Infosec Learning
Infosec Learning provides businesses, colleges, governments, and K-12 school districts a feature rich information technology training and skill assessment service via an advanced, cloud based, virtual machine powered platform, capable of significant customization with unlimited scale and growth potential.