Windows 10 Advanced Forensic Analysis (Norwalk, CT)
4-day Advanced Level Course
The Advanced Windows® 10 Forensic analysis class is an expert-level four-day training course, designed for examiners who are familiar with the principles of digital forensics keen to expand their knowledge on advanced forensic techniques using a host of third-party tools to improve their digital investigations workflows.
The Spyder Forensic Advanced Windows® 10 Forensic Analysis course will give participants unbiased knowledge and skills necessary to analyze artifacts left behind through system and user interaction with the host system, utilizing industry standard tools and open source applications to explore the data in greater depth by learning how applications function and store data in the file system.
Students will learn to use various applications and utilities to successfully identify, process, understand and document numerous Windows® 10 artifacts that are vitally important to any forensic examination. Each participant will gain detailed knowledge on how to use SQL queries to extract data from various databases now found on all Windows® 10 systems. BitLocker encryption, Windows® Action Center, TimeLine, JumpLists, Registry artifacts, prefetch files along with other Windows® 10 specific artifacts are examined in-depth and how they relate to forensic investigations. Students will also gain an in-depth look at OneDrive and the synchronization processes between trusted devices.
Attendees will use a variety of open source and leading forensic applications to examine key artifacts through multiple hands-on labs and student practicals.