Time
4 hours 15 minutes
Difficulty
Beginner
CEU/CPE
4

Video Transcription

00:00
Hello, and congratulations: if you've made it to this video, you completed the course.
00:06
We just finished the module on email forensics, so you should be very proud of yourself. Now you're in a great position to keep learning more about forensics or perform a forensic investigation in a Windows environment.
00:20
So remember, if you haven't downloaded the additional material for this course, I recommend that you do it and take a look at the references as well, for a better understanding of the topics covered. You're going to find loads: cards and more helpful information to help in your studies. I encourage you to practice with the guides.
00:40
Cybrary has a lot of labs that you can do
00:43
on your own Windows machine. Just remember, practice is key.
00:47
Just a quick recap of everything we covered in this course.
00:52
In module one, we talked about some basic information: the definition of Windows forensics and why it is important. We discussed some common myths and how, opposite to what people think, Windows forensics is not easy because it has many undocumented features.
01:08
As you probably remember, we also studied the forensic investigation methodology,
01:14
which is the same in any scenario.
01:17
Module two was about imaging in Windows. We defined the concept of imaging, the principles and the structure of a window. Severity of system.
01:26
We talked about the physical and logical drives. Lament Lecture. Why the letter used for them, in this case C, as well as some registry entries.
01:36
In module three, we performed some hands-on exercises about imaging with dd. We covered what dd is, its basic operation, some dd commands and what you can do with this tool. We also explained some of the logical drive examples, covering physical memory,
01:56
how to look at memory and what can you find when analyzing it.
02:00
Module four was about some memory analysis tools in Windows. We defined the tools, what they are for, the capabilities and the basic commands. We also had some labs as hands-on experience and some questions, as in every module, to test your knowledge.
02:20
In module five, we learned about the security identifier in Windows: what it is, its structure and what we can learn from it in a forensic investigation.
02:30
Module six was about the Windows registry or system registry, which is a very important place to look when performing a forensic examination. We defined the different hives and keys, such as SAM, SECURITY, SOFTWARE, SYSTEM and the DEFAULT key.
02:47
What can you find in them? As well as some recent hives added in Windows 8, such as ELAM and BBI. Under Israeli rule Keys
02:59
In module seven, we covered the analysis of the evidence. Something a little history in photo. Look for footprints, search history, URLs, commands executed in the machine, as well as some files. We studied a Windows tool
03:15
that could help us to discover or to analyze the evidence gathered.
03:20
Module eight is the Windows prefetch, another of the Windows essentials. We learned its definition and how it is populated, as well as the functionality and differences according to the version of the operating system.
03:34
Following with the Windows essentials, in module nine we covered restore points, another key aspect in the Windows forensic analysis in which we can discover so many secrets about the machine.
03:47
We analyzed the true history and how it is the best place to look, and how we can take advantage of this. Some registry keys were present in this module, as well as some Windows integrated tools.
04:02
In module ten, we learned all the discoveries that we can make by analyzing the Recycle Bin, which is another of the Windows essentials.
04:12
We discussed how important it is, as well as where we can find it and how it changes from one version to another. In module 11, we analyzed some important files, such as some Microsoft Office files, pictures and browser information.
04:30
There were some step by step guides
04:32
in order to get you to gather some important information as evidence, which can be vital in a forensic examination.
04:41
Module 12 was about Windows artifacts: some additional places to look when analyzing a Windows machine, such as cookies, the desktop folder, application data and so much more. It is very important that a forensic investigator knows the different places to look for specific information.
05:00
In module 13, we learned that every USB device connected at any point in time to the machine is saved in the registry.
05:09
We studied USBSTOR and how we can analyze it, what information can be extracted from it and how important it is. Additionally, we performed some exercises with tools to analyze it.
05:23
Module 14 was about steganography, which is a very important technique to hide information in files. We studied the definition, how it differs from cryptography and, of course, how this fits in the universe of digital forensics.
05:40
We also used some tools to hide and extract information from image files.
05:46
Lastly, in module 15, we analyzed the structure of emails, which is known as email forensics. For this, we studied how an email is composed and what information we can extract from an email header. So thank you very much for taking this course.
06:05
I would encourage you, if you don't have a Cybrary membership.
06:09
It opens so much information for you; you can get labs which can help your studies and to practice all the knowledge obtained. Again, thank you for taking the course, and see you in the next one.

Windows Forensics and Tools

The Windows Forensics and Tools course focuses on building digital forensics knowledge of Microsoft Windows operating systems, as well as some compatible software or tools that can be used to obtain or process information in such systems.

Instructed By

Adalberto Jose Garcia
Information Security Analyst at Bigazi
Instructor