Windows® 10 Overview
A general overview of Windows 10 functionality, focusing on the new artifacts of interest to the digital forensic examiner.
A deep dive into the core system artifact updates on a standard Windows 10 environment. Students will be exposed to changes and updates to the following items:
- File System
- Disk Layout
- Recycle Bin
- Prefetch Compression
Windows 10 brings many new items of interest to the forensic examiner; this session focuses on new items of interest within the user profile where day-to-day activity on the host system has occurred.
Items covered include
- Edge Browser structure and artifacts
- Cortana’s interaction with the system and user activity including data files located in the package folder structure.
Also covered at notification updates and decompiling of data structures, examination of the Timeline function and artifacts, Windows Mail and the ‘Comms’ folder, Registry updates, and OneDrive sync considerations.
- 8hrs of Instruction
- Course Manual
- Practical Files
- Attendance Certificate
To get the most out of this class, you should:
- Have minimal experience