Advanced Windows 10 Forensic Training with Windows 11 Forensic Exploitation – Live Onsite – Feb 21st ~ 25th, 2022 (Live Onsite – Bend, OR)
5-day Advanced Level Course
The Advanced Windows® 10 Forensic analysis section of the class is an expert-level four-day training course, designed for examiners who are familiar with the principles of digital forensics and keen to expand their knowledge on advanced forensics using a host of third-party tools to improve their digital investigations techniques.
The Spyder Forensic Advanced Windows® 10 Forensic Analysis course will give participants unbiased knowledge and skills necessary to analyze artifacts left behind through system and user interaction with the host system, utilizing industry-standard tools and open source applications to explore the data in greater depth by learning how applications function and store data throughout the system.
Students will learn to use various applications and utilities to successfully identify, process, understand and document numerous Windows® artifacts that are vitally important to forensic investigations. The participant will gain knowledge on how to process the chromium Edge browser, BitLocker encryption, Windows® Action Center, TimeLine, and other Windows® 10 specific artifacts. The course includes gaining in-depth knowledge of JumpLists, Registry analysis, and prefetch files and how they relate to the investigation and conclude with an in-depth look at OneDrive and synchronization processes between trusted devices. SQLite forensics plays a major role in the analysis of data therefore students will gain detailed knowledge in scripting and data exploitation.
Windows 11 Artifacts
This specialized one-day workshop introduces you to the latest forensic artifact updates in the Microsoft Windows® 11 Operating System. The workshop will focus on new and updated system artifacts, new user data locations and explore analysis techniques with new virtualized applications. During this one-day course, participants will review various Windows 11 features, exploring traditional artifacts such as Chromium Edge, Cortana, OneDrive, Windows® Mail, TimeLine and how these items have changed in the lasted OS. Attendees will also gain insight into BitLocker and mandatory requirements enforced by Microsoft.
Students will use a variety of open source and leading forensic applications to examine key artifacts through multiple hands on labs and student practical’s.