Advanced Windows Forensic Analysis (Live Onsite – Pittsburgh, PA)

Advanced Training

Course Overview

The Windows® Forensic analysis course is an advanced level 3-day training event designed for examiners who are familiar with the principles of digital forensics who are keen to expand their knowledge on advanced forensics using a host of third-party tools to improve their digital investigations techniques on the latest operating system from Microsoft.

Students will learn to use various applications and utilities to successfully identify, process, understand, and document numerous Windows® artifacts that are vitally important to forensically examine the latest Microsoft operating system. The participant will gain knowledge on how to process the latest BitLocker encryption options analyze Windows® Immersive apps, examine core operating system functions such as ShadowCopies, File History, Windows search database and exploit the Windows registry beyond simple tool scripting. SQLite forensics plays a major role in the analysis of data on modern operating systems therefore students will gain detailed knowledge in scripting and data exploitation

Students will use a variety of open source and leading forensic applications to examine key artifacts through multiple hands-on labs and student practicals.

Course Highlights

Learn to use various applications and utilities to successfully identify, understand and document numerous Windows® 11 artifacts that are vitally important to forensic Examinations.

Learn how to process core system artifacts including SQLite Database analysis, and other new Windows®applications.

Gain analysis knowledge of Windows OneDrive synchronization and how data is shared between trusted devices.

Unbiased use of a variety of open source and leading forensic applications to examine key artifacts through multiple hands-on labs and practical’s.

The course will follow adult learning principles through training aids such as presentations, diagrams and practical instructor lead examples.  Each artifact covered will be presented in either one or two 50-minute sessions followed by review questions.  Students will be given the opportunity throughout the course to ask questions and discuss objectives covered in more detail.  Throughout each day students will have practical exercises to work on in order to reinforce the topics.

What you will need:

Spyder Forensics will provide a training environment, student laptop to use throughout the course and all software used throughout the week.

What you will receive:

Printed course manual · Student USB  · Access to the Spyder Forensics Academy · Course certificate

Course cost: $1,995
Rob has over 2 decades of experience developing and presenting training on Digital Forensics, Cyber Security, Mobile Forensics and eDiscovery education programmes for the global digital investigations community. As a long term member of the International Association of Computer Investigative Specialists (IACIS), Rob instructs regularly at the association’s annual conferences and is a lead instructor for the Advanced Windows Forensic course as well as regularly presenting at the premier international digital forensics conferences such as High Technology Crime Investigation Association, Department of Defence Cyber Crime, F3 Annual Workshops and Internet Crimes against Children taskforce. Rob has contributed to digital forensic publications and is a subject matter expert to various course for the ATA program managed by the State Department in the USA. Rob continually develops solutions to identify and report on new forensic artifacts on emerging technologies which he shares on open and closed forums.


Nov 20 2023 - Nov 22 2023


9:00 am - 5:00 pm




611 Washington Road Mt. Lebanon, Pennsylvania 15228
Spyder Forensics


Spyder Forensics
+1 304-212-4959