Products
-
Investigating Windows System Registry Artifacts
CourseExplore key Windows system registry artifacts using hands‑on virtual labs. Learn how to extract SYSTEM hive files from live systems or disk images, analyze AppCompatCache, Autoruns, network and user data, and uncover critical forensic evidence.
$50
-
Investigating Windows User Registry Artifacts
CourseDive into Windows user registry forensics. Extract and analyze NTUSER.DAT and USRCLASS.DAT to trace application usage, browsing, search queries, and more, via hands-on labs that help you build accurate user activity timelines.
$50
-
Investigating Windows Shellbags
CourseExplore Windows Shellbag artifacts to reconstruct folder view history. Learn to parse BagMRU and Bags registry keys, analyze timestamp metadata, and infer accessed directories, even deleted ones, through practical forensic labs.
$50
-
Investigating USB Thumb Drives
CourseAnalyze Windows USB forensic artifacts in hands-on labs. Learn to identify device IDs, connection timestamps, drive letters, and registry entries (e.g. MountPoints and SetupAPI logs). Ideal for DFIR analysts and USB investigations.
$50
-
Volume Shadow Copies (VSC)
CourseLearn how Windows Volume Shadow Copies (VSS) work and how to use them in forensic investigations. Gain skills to detect, mount, and analyze shadow snapshots to recover previous file versions. Hands-on labs ideal for DFIR analysts.
$50
-
Investigating Windows Scheduled Tasks
CourseLearn how to parse Windows Scheduled Tasks artifacts using hands-on virtual labs. Understand task formats, registry and XML artifacts, and how to uncover forensic evidence from scheduled jobs. Free foundational training for DFIR investigators.
Free
-
Windows Event Logs
Course5.0 average rating (1 review)Learn how to extract, analyze, and interpret Windows Event Logs using real-world forensic techniques. Dive into Event Viewer artifacts, log types, policy auditing, and extraction methods through guided virtual labs. Ideal for DFIR and SOC analysts.
$50