Products
-
Time Zone Conversions
Course4.5 average rating (2 reviews)This course covers the required digital forensic skills to inspect and understand the different timestamps that could be seen during an investigation and learn how to convert between timezones.
Free
-
Investigating Windows LNK Files and JumpLists
CourseInvestigate Windows LNK and JumpList artifacts in hands‑on labs. Learn to parse .lnk files and JumpLists, trace file usage, determine storage paths, even for deleted files. Essential training in user activity forensic analysis.
$50
-
Investigating Windows Thumb Caches
CourseDive into Windows thumbnail cache forensics using hands‑on labs. Learn to analyze Thumbs.db and thumbcache_xxx.db, uncover hidden file previews, and reconstruct user activity. Ideal for DFIR analysts and forensic investigators.
$50
-
Investigating Windows System Registry Artifacts
CourseExplore key Windows system registry artifacts using hands‑on virtual labs. Learn how to extract SYSTEM hive files from live systems or disk images, analyze AppCompatCache, Autoruns, network and user data, and uncover critical forensic evidence.
$50
-
Investigating Windows User Registry Artifacts
CourseDive into Windows user registry forensics. Extract and analyze NTUSER.DAT and USRCLASS.DAT to trace application usage, browsing, search queries, and more, via hands-on labs that help you build accurate user activity timelines.
$50
-
Investigating Windows Shellbags
CourseExplore Windows Shellbag artifacts to reconstruct folder view history. Learn to parse BagMRU and Bags registry keys, analyze timestamp metadata, and infer accessed directories, even deleted ones, through practical forensic labs.
$50
-
Investigating USB Thumb Drives
CourseAnalyze Windows USB forensic artifacts in hands-on labs. Learn to identify device IDs, connection timestamps, drive letters, and registry entries (e.g. MountPoints and SetupAPI logs). Ideal for DFIR analysts and USB investigations.
$50
-
Volume Shadow Copies (VSC)
CourseLearn how Windows Volume Shadow Copies (VSS) work and how to use them in forensic investigations. Gain skills to detect, mount, and analyze shadow snapshots to recover previous file versions. Hands-on labs ideal for DFIR analysts.
$50
-
Investigating Windows Scheduled Tasks
CourseLearn how to parse Windows Scheduled Tasks artifacts using hands-on virtual labs. Understand task formats, registry and XML artifacts, and how to uncover forensic evidence from scheduled jobs. Free foundational training for DFIR investigators.
Free