Windows 11 Forensic Exploitation
32 Hours / 4-Day
This advanced course is designed for the examiner who wants to advance their knowledge and skills in digital forensic examinations where databases contain much of the data and alternate methods of exploitation are required.
Windows® 11 Artifact Overview
- Examine the version characteristics between Windows® 11 Operating systems
- What is new in the Microsoft OS
- Walkthrough Windows 11 from a user perspective
- Explorer updates
- Visual changes
- Changes to Existing Artifacts
- System updates
- Core Application updates
- Automated data deletions
BitLocker Encryption
- Learn how BitLocker is implemented on system partitions and removable media
- Locate and read the metadata objects located in the encrypted volume
- Describe BitLocker To Go
- Review recovery options when BitLocker fails
- Workflows in the analysis of a BitLocked volume
Windows 11 sub-system Analysis
- What is new in the Microsoft Sub-systems
- Explore the uses of Linux Sub-systems on Windows Operating Systems
- Learn of the Android Sub-System introduced with Windows 11
- Examine host-based artifacts through the use of WSL and WSA
Exercises in Registry analysis on a Windows 11 system
- Define the Windows Registry
- Discuss Forensic benefits of the Registry
- Explore Windows 11 Account types and updates
- Review how to track removable hardware across a Windows 11 system
- Examine user interactions with the system
Recent File Interactions
- Introduction to Windows Shell Links
- Windows 11 Jump Lists
- Jump List Analysis
- Introduction to Windows 11 Recent File lists
- Examination of backend databases
- The exploitation of data fields using comprehensive scripting techniques
OneDrive on Windows 11
- Microsoft OneDrive solution overview
- Review the different options for OneDrive
- Locate key folders of interest
- User files
- Synchronization log files
- User settings
- Learn interpretation of stored settings files
Chromium Based Browsers
- Review the Chromium Edge Browser application
- Locate key folders of interest within the user profile
- Extract browsing artifacts from various SQLite databases
- Learn techniques in the extraction and analysis of JSON encoded artifacts
- Explore Alternate databases using Python
- Introduction to LevelDB databases and analysis
Windows 11 Mail
- Windows Mail and examination techniques
- Learn of the function of the Windows Mail client
- Locations of Trusted and Untrusted data
- Explore processes to review data on host machine
Course Information
$2,595
- 40hrs of Instruction
- Course Manual
- Practical Files
- Attendance Certificate
Prerequisites
To get the most out of this class, you should:
- Have 6 months of experience in forensic examinations.
Request the Syllabus
Contact Spyder Forensics for more details of the course.
Hosting Courses
If you are interested in hosting this, or any of our courses at your facility, contact us.
Ready to get started?
14 May - 17 May
Live Remote Training
Tuesday
23 July - 25 July
Huntington, WV
Tuesday
Summer Forensic Workshop (Live onsite – Huntington, WV) – July 2024
1676 3rd Ave, Huntington, WV 25703
24 September - 27 September
Live Remote Training
Tuesday
11 November - 14 November
BCN Utrecht
Monday
Windows 11 Forensic Exploitation – November 2024 (Live-onsite, Utrecht, Netherlands)
Daltonlaan 100 3584 BJ Utrecht
18 February
Live Remote Training
Tuesday