Intermediate
Windows forensic training
Windows holds an overwhelming share of the OS market, so the ability to analyze it is indispensable in forensic investigations.
This training course aims to teach, from a comprehensive perspective, the investigation and analysis techniques needed to find traces of system behavior and of the subject's behavior when examining a Windows PC.
Training start schedule
We accept individual consultations at any time
Curriculum
On the 1st day,
- Windows OS overview and prior knowledge
- History of Windows OS
- Directory structure
- Time stamp
- The concept of NTFS file system and data recovery
- Exercise
- Encryption functions implemented in Windows
- EFS (Encrypting File System)
- BitLocker/BitLocker To Go
- Exercise
On the 2nd day,
- Windows artifacts
- Device driver installation
- Print spool
- Thumbnail files
- Trash data
- Recent
- Prefetch
- Virtual Hard Disks (VHDs)
- System Volume Information (restore points)
- Alternate data streams
- Event Log
- Hibernation and pagefile
- Exercise
On the 3rd day,
- Registry
- Registry overview
- Limitations of Registry Editor
- Hive and supporting files (dynamic/static state)
- Registry data structure
- Survey items in registry analysis
- SAM
- SOFTWARE
- SYSTEM
- NTUSER.DAT
- Exercise
- Analysis training using sample data
* Each schedule will be from 9:30 to 17:00.
* Curriculum is subject to change. Please check when making inquiries.
Detailed information
| Course target | |
|---|---|
| Knowledge and skills that can be acquired | |
| Tuition fee | Please contact us. |
Training
FRONTEO's Legal Tech AI
Please feel free to consult us.