Products
-
Investigating Windows Shellbags
Explore Windows Shellbag artifacts to reconstruct folder view history. Learn to parse BagMRU and Bags registry keys, analyze timestamp metadata, and infer accessed directories, even deleted ones, through practical forensic labs.
Digital Forensics & Incident Response
$50
-
Investigating USB Thumb Drives
Analyze Windows USB forensic artifacts in hands-on labs. Learn to identify device IDs, connection timestamps, drive letters, and registry entries (e.g. MountPoints and SetupAPI logs). Ideal for DFIR analysts and USB investigations.
Digital Forensics & Incident Response
$50
-
Volume Shadow Copies (VSC)
Learn how Windows Volume Shadow Copies (VSS) work and how to use them in forensic investigations. Gain skills to detect, mount, and analyze shadow snapshots to recover previous file versions. Hands-on labs ideal for DFIR analysts.
Digital Forensics & Incident Response
$50
-
Investigating Windows Scheduled Tasks
Learn how to parse Windows Scheduled Tasks artifacts using hands-on virtual labs. Understand task formats, registry and XML artifacts, and how to uncover forensic evidence from scheduled jobs. Free foundational training for DFIR investigators.
Digital Forensics & Incident Response
Free
-
Windows Event Logs
5.0 average rating (1 review)Learn how to extract, analyze, and interpret Windows Event Logs using real-world forensic techniques. Dive into Event Viewer artifacts, log types, policy auditing, and extraction methods through guided virtual labs. Ideal for DFIR and SOC analysts.
Digital Forensics & Incident Response
$50
-
BSides Amman 2021 Windows Forensics Workshop
In this workshop we will be investigating a policy violation case, where we go over different Windows artifacts that will help solve the case.
Workshops & Case Studies Digital Forensics & Incident Response
Free