Advanced Windows Forensic Analysis (Vaughan, ON, Canada)
4-day Advanced Level Course
The Advanced Windows Forensics training class is a four-day course that will introduce the participant to the many forensically relevant artifacts on a Microsoft Windows system.
Students will learn to use various applications and utilities to successfully identify, process, understand and document numerous Windows artifacts that are vitally important to forensic investigations. Attendees will gain knowledge in identifying where and how Windows stores data in the NTFS and ExFAT file systems as well as a deep dive into Registry file data, Recycle Bins, User directories and many system folders, discussing their forensic relevance to most examinations and the analysis of stored data.
The participant will also gain knowledge on how to process Microsoft browser artifacts, learn techniques to analyze ShadowCopies and File History backups. The course includes gaining an in depth look into link files, Jumplists, and prefetch files, Windows 10 Mail and OneDrive synchronization data.
Students will use a variety of open source and leading forensic applications to examine key artifacts through multiple hands on labs and student practical’s.
What you will receive:
Printed course manual · USB containing course files · Access to the Spyder Forensics Academy · Course certificate