Windows Forensics Training | Solving forensic investigations and e-discovery with AI

Intermediate
Intermediate

Windows forensic training

In forensic research, Windows analysis technology, which boasts an overwhelming market share as an OS, is indispensable.
In this training course, we aim to acquire the survey / analysis technology from a comprehensive perspective necessary for finding traces of systematic behavior and behavior of the subject in Windows PC survey.

Training start schedule
We accept individual consultations at any time

Curriculum

On the 1th day,

Windows OS overview and prior knowledge
- History of WindowsOS
- Directory structure
- Time stamp
- The concept of NTFS file system and data recovery
- exercise
Encryption function implemented in Windows
- EFS (Encrypting File System)
- Bitlocker/Bitlocker To Go
- exercise

On the 2th day,

Windows artifact
- Device driver installation
- print spool
- thumbnail file
- Trash data
- Recent
- prefetch
- Virtual Hard Disks (VHDs)
- System Volume Information (restore points)
- Alternate data stream
- Event Log
- hibernation and pagefile
- exercise

On the 3th day,

Registry
- Registry overview
- Limitations of Registry Editor
- Hive and supporting files (dynamic/static state)
- Registry data structure
- Survey items in registry analysis
- SAM
- SOFTWARE
- SYSTEM
- NTUSER. DAT
- exercise
Analysis training using sample data

* Each schedule will be from 9:30 to 17:00.
* Curriculum is subject to change.Please check when making inquiries.

Detailed information

Course target	Basic knowledge of computer forensics Those who understand the basic operation of personal computers (especially Windows) Those who have passed the IT Passport Examination (old: Elementary System Administrator Examination) or those who have equivalent knowledge and skills
Knowledge skills that can be acquired	Knowledge and skills required for Windowe PC investigation Overview of Windows OS Traces left by software on Windows OS Registry analysis
Tuition fee	Please contact us.