Products
-
Investigating Windows Shellbags
CourseExplore Windows Shellbag artifacts to reconstruct folder view history. Learn to parse BagMRU and Bags registry keys, analyze timestamp metadata, and infer accessed directories, even deleted ones, through practical forensic labs.
$50
-
Investigating USB Thumb Drives
CourseAnalyze Windows USB forensic artifacts in hands-on labs. Learn to identify device IDs, connection timestamps, drive letters, and registry entries (e.g. MountPoints and SetupAPI logs). Ideal for DFIR analysts and USB investigations.
$50
-
Volume Shadow Copies (VSC)
CourseLearn how Windows Volume Shadow Copies (VSS) work and how to use them in forensic investigations. Gain skills to detect, mount, and analyze shadow snapshots to recover previous file versions. Hands-on labs ideal for DFIR analysts.
$50
-
Investigating Windows Scheduled Tasks
CourseLearn how to parse Windows Scheduled Tasks artifacts using hands-on virtual labs. Understand task formats, registry and XML artifacts, and how to uncover forensic evidence from scheduled jobs. Free foundational training for DFIR investigators.
Free
-
Windows Event Logs
Course5.0 average rating (1 review)Learn how to extract, analyze, and interpret Windows Event Logs using real-world forensic techniques. Dive into Event Viewer artifacts, log types, policy auditing, and extraction methods through guided virtual labs. Ideal for DFIR and SOC analysts.
$50
-
BSides Amman 2021 Windows Forensics Workshop
CourseIn this workshop we will be investigating a policy violation case, where we go over different Windows artifacts that will help solve the case.
Free