Windows Artifacts Foundations
24 Hours / 3-DayBe introduced to the many forensically relevant items stored on a Windows-based system through user interaction and host operating system functionality.
![](https://usercontent.one/wp/www.spyderforensics.com/wp-content/uploads/2018/10/coding-icon_4.jpg?media=1667534298)
Operating Systems Overview
- Learn to identify the core features of each NT Operating System
- List the key artifacts contained in modern operating systems
- Identify and review common folders on
an NT Operating System.
![](https://usercontent.one/wp/www.spyderforensics.com/wp-content/uploads/2018/11/coding-icon_12.jpg?media=1667534298)
Windows® System Artifacts
- Describe the purpose of User Account Control
- Discuss the forensic importance of Windows Prefetch and Superfetch
- Learn how to examine ShadowCopies
- Examine the function and forensic importance of the Recycle Bin.
![](https://usercontent.one/wp/www.spyderforensics.com/wp-content/uploads/2018/10/coding-iconArtboard-19-copy-9.jpg?media=1667534298)
Introduction to the Windows® Registry
- Define the Windows Registry
- Discuss Forensic benefits of examining the Registry
- Recovering evidentially relevant data from the following registry files:
- SAM
- SYSTEM
- SOFTWARE
- NTUSER.DAT
![](https://usercontent.one/wp/www.spyderforensics.com/wp-content/uploads/2018/10/coding-iconArtboard-19-copy-9.jpg?media=1667534298)
Windows® Shortcuts
- Introduction to Windows Shortcuts
- Examine Link File Anatomy
- Introduction to Jump Lists and analysis.
![](https://usercontent.one/wp/www.spyderforensics.com/wp-content/uploads/2018/10/coding-iconArtboard-19-copy-9.jpg?media=1667534298)
Thumbnail Caching
- Learn of the functions Windows uses to cache thumbnail images
- Discuss user interaction characteristics
- Examine the internal structure of each cached database.
![](https://usercontent.one/wp/www.spyderforensics.com/wp-content/uploads/2018/10/coding-iconArtboard-19-copy-9.jpg?media=1667534298)
Windows® Start Screen Examination
- Describe the purpose of Windows Immersive Applications
- Examine how the Live Tiles cache data
- Explore the storage areas for Immersive Applications.
- Introduction to ESE Database analysis
![](https://usercontent.one/wp/www.spyderforensics.com/wp-content/uploads/2018/10/coding-iconArtboard-19-copy-9.jpg?media=1667534298)
Browser Examination
- Introduction to browser forensics
- Discuss common features of all browsers
- Examination of data storage locations and artifacts of forensic interest
- Introduction to Chromium-based browser artifacts
- Examine storage locations
- Learn of travel logs and their examination
- Discuss the implications of InPrivate browsing
- Introduction to the Cortana digital assistant
Course Information
$1,995
- 24hrs of Instruction
- Course Manual
- Practical Files
- Attendance Certificate
Prerequisites
To get the most out of this class, you should:
- Have 6 months experience of forensic examinations
- Be familiar with Windows Operating systems.
![](https://usercontent.one/wp/www.spyderforensics.com/wp-content/uploads/2018/10/coding-icon_8.jpg?media=1667534298)
Request the Syllabus
Contact Spyder Forensics for more details of the course..
![](https://usercontent.one/wp/www.spyderforensics.com/wp-content/uploads/2018/10/coding-icon_8.jpg?media=1667534298)
Hosting Courses
If you are interested in hosting this, or any of our courses at your facility, contact us.