C5W DIGITAL FORENSIC ANALYSIS - On-Demand Course

On-Demand Course Includes:
Course Material | Labs | Certification Attendance | Exam Voucher

Regular Enrollment

$350.00

Enroll Now

The number of incidents being reported is rapidly increasing every year. Organizations need to respond to these incidents and investigate what, when, why, where, who, and how they happened. This requires special skills and knowledge in systems and how they operate. This is not a simple task that can be handled by an IT professional, but only those trained to acquire and analyze information in a forensically sound manner.

Cyber 5W Digital Forensic Analysis course will guide students on how to conduct digital investigations and write investigative forensic reports. This course uses an experiential learning process for training students, where students learn digital forensics by doing investigative tasks on real-world cases. Students will learn how to perform evidence acquisition and how to deal with disks and file systems, and then explore the forensic artifacts one may encounter when working with the Windows operating system.

Learners who complete the course and pass the exam will earn the C5W Certified Digital Forensic Analyst (CCDFA).

1. Welcome & Lab Access
2. Before You Start (Beginning of the Course)
3. Downloads
4. Upgrading Your VM Tools
5. Release Notes
6. Want to Build Your Own Environment?
7. Installing WSL2 on Windows 11
1. What is Digital Forensics
2. Digital Forensics Investigation
3. Check Your Knowledge #1
4. What is the Digital Evidence
5. Digital Devices
6. Legal Aspects
7. Types of Digital Forensic Investigation
8. Challenges of Digital Forensics
9. Alternative Windows VM for Labs
10. Lab #1 - Importing VMWare Virtual Machine
11. Importing Virtual Machine to VMWare
12. Configuring VMWare and VMTools
13. Configuring a Shared Directory between the Host and VM
14. Coping and Mounting CCDFA VHD Tools Drive
15. Adding Extra Drive to VM
16. Lab #2 - Importing VirtualBox Virtual Machine
17. Working with Virtual Hard Disk
1. Evidence Acquisition - Slides
2. Data Acquisition Concepts
3. Data Validation
4. Acquisition Methods
5. Forensic Image File formats
6. Check Your Knowledge #1
7. Why Evidence Acquisition Is Important?
8. Must-Know First Response actions
9. Sanitization
10. Hardwipe Tool
11. Cygwin Tools (dd command in Windows)
12. Check Your Knowledge #2
13. Required Files
14. Lab #1 - Sanitizing the Target Media
15. Lab #1 - Sanitizing the Target Media (Solution)
16. Evidence Data Acquisition
17. Memory Dump
18. Memory Dump using WinPmem
19. Tools for Memory Dump
20. Disk Drive Imaging
21. Other Forensic Tools
22. Required Files
23. Lab #2 - Creating Forensic Images
24. Lab #2 - Creating Forensic Images (Solution)
25. Examples of Hardware Acquisition Tools
26. Using UltraDock Write-Blocker
27. Resources
1. Introduction to Image Mounting
2. Arsenal Image Mounter
3. OSFMount
4. Other Forensic Image Mounting Tools
5. Check Your Knowledge #1
6. Required Files
7. Lab #1 - Mounting using AIM
8. Lab #1 - Mounting using AIM (Solution)
9. Resources
1. Working with FTK Imager - Slides
2. Forensic Toolkit Imager
3. Required Files
4. Install FTK Locally
5. Install FTK on a Portable Device (USB)
6. Required Files
7. Digital Evidence Acquisition
8. Memory Acquisition
9. Disk Acquisition
10. Check Your Knowledge #1
11. Lab #1 - Creating an E01 Image
12. Lab #1 - Creating an E01 Image (Solutions)
13. Lab #2 - Image Format
14. Lab #2 - Image Format (Solutions)
15. Lab #3 - Logical & Physical Image
16. Lab #3 - Logical & Physical Image (Solutions)
17. Required Files
18. Add Evidence Item to FTK Imager
19. Create and verify a multi-part disk images
20. Loading a multi-part disk image
21. Check Your Knowledge #2
22. Required Files
23. Evidence Analysis
24. Exporting Data using FTK Imager
25. Detect EFS Encryption
26. Lab #4 - Exporting Evidence
27. Lab #4 - Exporting Evidence (Solutions)
28. Acquiring Protected Registry Files
29. Copying Registry Files
30. Required Files
31. Interpreter
32. Lab #5 - Interpreting Evidence
33. Lab #5 - Interpreting Evidence (Solutions)
34. Required Files
35. Custom Content Images
36. AD Encryption
37. Lab #6 - Creating Custom Images
38. Lab #6 - Creating Custom Images (Solutions)
39. Required Files
40. Image Mounting
41. Steps of Image Mounting
42. Mount Multi-Part Raw Disk Image with FTK
1. Data Representation
2. Introduction to Numbering System
3. Decimal Number System (Base 10)
4. Binary System (Base 2)
5. Hexadecimal (Base 16)
6. Octal (Base 8)
7. Byte Ordering
8. Introduction to Text Code
9. ASCII Code
10. Unicode
11. Lab #1 - Numbering System
12. Lab #1 - Numbering System (Solutions)
13. Introduction to File Identification
14. Installation of HxD Editor
15. Working with HxD Editor
16. Installation of 010 Editor
17. Working with 010 Editor
18. 010 Editor Course
19. Introduction to File Signature
20. Required Files
21. Text Files
22. Microsoft Word Files
23. PDF Files
24. TAR Files
25. Zip Files
26. PNG Files
27. JPEG Files
28. EXE Files
29. MP3 Files
30. MP4 Files
31. System Metadata
32. Embedded Metadata
33. Required Files
34. Lab #1 - Metadata & Hex-Editor Case 1
35. Lab #2 - Metadata & Hex-Editor Case 2
36. Lab #3 - Metadata & Hex-Editor Case 3
37. Lab - Metadata & Hex-Editor (Solutions)
38. Resources
39. Required Files
40. File Metadata Lab
41. File Metadata Lab solutions
1. Time Zones Conversion - Slides
2. Timezone and Timezone Conversion
3. Introduction
4. Converting Times
5. Converting Dates
6. Lab #1 - Timezone Conversion
7. Lab #1 - Timezone Conversion (Solutions)
8. Check Your Knowledge
9. Resources
1. What is the Forensics Report ?
2. Preparing For Forensics Report
3. The Importance of the Forensics Report
4. Why Documenting is Important?
5. Forensics Report Sections
6. Reporting Standards And Guidelines
7. Report Template
8. Before Writing the Forensics Report
1. Hard Disk
2. Required Files (Disk Analysis)
3. Disks Layout - MBR - Slides
4. Lab #1 - Working with MBR Partitions
5. Lab #1 - Working with MBR Partitions (Solution using 010 Editor)
6. Lab #1 - Working with MBR Partitions (Solution using WinHex)
7. Disks Layout - GPT - Slides
8. Lab #2 - Working with GPT Partitions
9. Lab #2 - Working with GPT Partitions (Solution)
10. Disks Layout - Extended MBR - Slides
11. Lab #3 - Working with Extended Disk Partitions
12. Required Files (Fixing Corrupted Disks)
13. Attaching VHDs to Your System
14. Lab #4 - Fixing Corrupted Disks (MBR Disk)
15. Lab #4 - Fixing Corrupted Disks (MBR Disk Solution)
16. Lab #5 - Fixing Corrupted Disks (GPT Disk)
17. Lab #5 - Fixing Corrupted Disks (GPT Disk Solution)
18. Lab #6 - Fixing GPT Disk Drives
19. Lab #6a - Fixing Corrupted GPT Drive - Case #1
  FREE PREVIEW
20. Lab #6b - Fixing Corrupted GPT Drive - Case #2
  FREE PREVIEW
21. Lab #6c - Fixing Corrupted GPT Drive - Case #3
  FREE PREVIEW
22. Lab #7 - Fixing MBR Disk Drives
23. Lab #7a - Fixing Corrupted MBR Drive - Case #1
  FREE PREVIEW
24. Resources - Extra Reading
1. What is File System
2. Required Files (FAT Analysis)
3. FAT File System - Basics - Slides
4. Intro to FAT File System
5. Lab #1 - Analyzing FAT Structure
6. FAT File System - Directory Entry - Slides
7. FAT File System - Timestamps - Slides
8. Lab #2 - Analyzing FAT File System
9. Lab #2 - Analyzing FAT File System (Solution)
10. Lab #3 - Analyzing FAT File System
11. Lab #3 - Analyzing FAT File System (Solution using 010 Editor)
12. Lab #3 - Analyzing FAT File System (Solution using WinHex)
13. NTFS
14. Required Files (NTFS Analysis)
15. NTFS Basics - Slides
16. NTFS MFT - Slides
17. Lab #6 - Analyzing the MFT File
18. Lab #6 - Analyzing the MFT File (Solution)
19. Lab #7 - Analyzing the MFT File
20. Lab #8 - Working with Data Attributes
21. Lab #8 - Working with Data Attributes (Solution)
22. MFT Slack Space
23. NTFS Dataruns and Fragmented Files
24. NTFS Fixups - Slides
25. Lab #9 - Working with Links
26. Lab #9 - Working with Links using MFT Browser (Solution)
27. Lab #9 - Working with Links using MFTECmd (Solution)
28. NTFS Journaling - Slides
29. Lab #10 - Working with UsnJrnl
30. NTFS INDX Buffers - Slides
31. Lab #11 - Working with Journals and Indexes
32. Lab #12 - NTFS Challenge
33. Lab #12 - NTFS Challenge (Solution A)
34. Lab #12 - NTFS Challenge (Solution B)
35. Ext4
36. NTFS vs EXT4
37. Timestamps and File Operations
38. Required Files
39. Lab #13 - Inspecting Timestamps
40. Quick Intro to .ad1 Files
41. Howto Load .ad1 Images using FTK Imager
42. Lab #13 - Inspecting Timestamps (Solution)
43. Lab #14 - Simple UsnJrnl Analysis
44. Lab #14 - Parsing UsnJrnl and Creating a Body File (Solution)
45. Lab #14 - UsnJrnl Analysis (Solution)
46. Lab #14 - Quick Timeline Overview (Solution)
47. Extra Reading Resources
1. Required Files
2. Introduction to File Carving - Slides
3. Introduction to Data Carving
4. Manual Data Carving - Using Hex Editor
5. Manual Data Carving - Carving an Image from a Doc File
6. Automatic Data Carving - Photorec
7. Automatic Data Carving - Foremost
8. Required Files
9. Lab #1 - Manual File Carving
10. Lab #1 - Manual File Carving (Solution)
11. Lab #2 - File Carving using PhotoRec
12. Lab #2 - File Carving using PhotoRec (Solution)
13. Lab #3 - File Carving using Foremost
14. Lab #3 - File Carving using Foremost (Solution)
15. Extra Reading Resources
1. Windows Basics - Slides
2. Windows Basics
3. Recycle Bin
4. Tools Requirements
5. File Formats
6. Check Your Knowledge #1
7. Lab #1 - Hands-on
8. Lab #1 - Hands-on (Solution)
9. Using Recycle Bin Tools
10. Recovering Permanently Deleted Files
11. Required Files
12. Lab #2 - Recycle Bin
13. Lab #2 - Recycle Bin (Solution)
14. Lab #2 - Parsing Recycle Bin Artifacts using RBCmd (Solution)
15. Thumbnail Caches - Slides
16. Thumbnail Caches - Intro
17. Howto Fix the Windows.edb Database
18. Required Files
19. Lab #3 - Thumbnails
20. Lab #3 - Thumbnails (Solution)
21. Lab #4 - Thumbnails
22. Lab #4 - Thumbnails (Solution)
23. Lab #5 - Thumbnails Case Study (self-study)
24. Lab #5 - Thumbnails Case Study (Solution)
25. Lab #5 - Thumbnails Case Study (Solution)
1. LNK Files - Slides
2. LNK Files - Intro
3. Required Files
4. Lab #1 - LNK Files
5. Lab #1 - LNK Files (Solution)
6. Lab #2 - LNK Files
7. Lab #2 - LNK Files (Solution)
8. Lab #3 - LNK Files
9. Lab #3 - LNK Files (Solution)
10. LNK Files, Zone Identifiers, and New Findings
11. JumpList - Slides
12. Jump Lists
13. Required Files
14. Lab #4 - Jump Lists
15. Lab #4 - Jump Lists (Solution)
16. Extra Reading
1. Welcome to "Investigating Windows Program Executions"!
2. Prefetch - Slides
3. Intro. to Prefetch Files
4. Analyzing Prefetch Files
5. PECmd
6. WinPrefetchView
7. Lab #1 - Prefetch
8. Lab #1 - Prefetch (Solution)
9. Intro. to AmCache
10. Analyzing AmCache
11. Analyzing with Registry Explorer
12. Analyzing with AmCacheParser
13. Lab #2 - AmCache
14. Lab #2 - AmCache (Solution)
15. Intro. to AppCompatCache (Shimcache)
16. Analyzing with AppCompatCacheParser
17. Analyzing using RegRipper
18. Lab #3 - AppCompatCache (Shimcache)
19. Lab #3 - AppCompatCache (Solution)
20. Intro. to UserAssist
21. Analyzing UserAssist
22. Lab #4 - UserAssist
23. Lab #4 - UserAssist (Solution)
24. Intro. to Background Activity Moderator (BAM)
25. Analyzing BAM
26. Analyzing SRUM using Chainsaw
27. Extra Reading
28. Required Files
1. Welcome to Windows Registry
2. Windows Registry - Slides 1
3. Windows Registry - Slides 2
4. The Structure of Windows Registry
5. Check Your Knowledge #1
6. Extract Hives through Command Line - Live System
7. Extract Hives through Registry Editor - Live System
8. Extract Hives through FTK Imager - Live System
9. Extract Hives through FTK Imager - Disk Image
10. Registry Explorer
11. RegRipper
12. Using the RegRipper GUI
13. RegRipper Command Line Tool
14. Autoruns
15. Download and Live System Analysis
16. Saved Hive / Offline Analysis
17. Investigating Windows Registry Hives: System Artifacts
18. Basic System Information
19. Basic System Information - Cont..
20. Check Your Knowledge #2
21. TimeZone
22. Check Your Knowledge #3
23. User Information
24. Security Identifier (SID)
25. Login Information
26. Internet Network Information
27. Check Your Knowledge #4
28. AppCompatCache or ShimCache
29. Other System Information
30. Malware
31. Lab #1 - Windows Registry
32. Lab #1 - Windows Registry (Solution)
33. Windows Registry User Artifacts Introduction
34. NTUSER.DAT and USRCLASS.DAT File Extraction
35. View Files Through RegEdit – Live System
36. Extract Files Through RegEdit – Live System
37. Extract Files Through FTK Imager – Live System
38. Extract Files Through FTK Imager – Disk Image
39. Last Write Timestamps
40. Check Your Knowledge #5
41. Application Usage - Part 1
42. Application Usage - Part 2
43. Application Usage - Part 3
44. Application Usage - Part 4
45. Check Your Knowledge #6
46. Internet Browsing
47. Search Queries
48. Other Artifacts
49. Check Your Knowledge #7
50. Check Your Knowledge #8
51. Lab #2 - Windows Registry
52. Lab #2 - Windows Registry (Solutions)
53. Parsing Windows Registry Run Keys using RegRipper
54. The Windows Registry Run Key Mystery
55. Extra Reading
1. USB Artifacts - Slides
2. Introduction to USB Forensics
3. How USBS Work
4. USB Registry Artifacts
5. USB Basic Information
6. Mounted Devices
7. MountPoints
8. Volume Serial Number
9. USB Timestamps
10. Check Your Knowledge #1
11. RegRipper USB Plugin
12. Use Case: USB Artifacts in Windows Registry
13. Introduction to USB Artifacts in Shellbags
14. Use Case: USB Artifacts in Windows Shellbags
15. USB Windows Event Viewer Artifacts
16. Using Windows Event Viewer
17. Extracting Logs from a Disk Image
18. USB Artifacts in the Setupapi.dev.log File
19. Parsing the Setupapi Log
20. Other USB Analysis Tools
21. Installing & Using USB Detective
22. NirSoft USBDeview
23. USB Artifacts Cheat Sheet
24. Check Your Knowledge #2
25. Lab #1 - USB Forensics
26. Lab #1 - USB Forensics (Solution)
27. Extra Reading
1. ShellBags - Slides
2. Introduction to Shellbags
3. Forensic Importance of Shellbags
4. Check your Knowledge #1
5. Shellbags Explorer - GUI
6. Shellbags Explorer – Command-line
7. ShellBagsView
8. RegRipper
9. Decoding Shellbag Artifacts
10. BagMRU
11. Bags
12. LastWrite Timestamp
13. LastWrite Timestamps Caveat
14. Required Files
15. Check Your Knowledge #2
16. Lab #1 - Windows Shellbags
17. Lab #1 - Windows Shellbags (Solutions)
18. Conclusion
1. Volume Shadow Copy - Slides
2. Volume Shadow Copies
3. Introduction
4. How VSS Works
5. Forensic Importance
6. Managing Volume Shadow Copies
7. Volume Shadow Copy Registry Management
8. VssAdmin
9. Check your Knowledge #1
10. Accessing Live Volume Shadow Copies
11. Shadow Explorer
12. Extracting Files From A Volume Shadow Copy
13. Extracting Files From A Volume Shadow Copy - Exercise
14. Investigating VSC Registries
15. Accessing Forensic Image Volume Shadow Copies
16. Arsenal Image Mounter
17. VSCMount
18. VSC Binary Format
19. Catalog
20. Store
21. Check your Knowledge #2
22. Conclusion
23. Required Files
24. Lab #1 - Investigating Volume Shadow Copies
25. Lab #2 - More Volume Shadow Copy
26. Using VSC Toolset with RegRipper
27. References
28. Further Reading
1. Windows Event Logs - Slides
2. Windows Event Viewer Forensics
3. Navigating Windows Event Viewer
4. Searching For Events
5. Types of Events
6. Enabling Logs & Changing Log Settings
7. Enable Auditing Through Group Policy
8. Enable Logging through Event Viewer
9. Event Log Settings
10. Extracting and Importing Event Logs
11. Extracting an Event Log from a Disk Image
12. Importing an Event Log File
13. Check Your Knowledge #1
14. Event Logs Artifacts
15. System Log
16. Security Log #1
17. Security Log #2
18. Security Logs #3
19. Security Logs #4
20. Security Logs #5
21. Security Logs #6
22. Security Logs #7
23. Check your Knowledge #2
24. Application Log
25. Applications & Services Log #1
26. Applications & Services Log #2
27. Other Tools: Event Log Parser
28. Required Files
29. Lab #1 - Investigating Windows Events
30. Lab #1 - Investigating Windows Events (Solution)
31. Lab #2
32. Lab #2 - Solutions
33. Lab #3
34. Lab #3 - Solutions
35. Conclusion
36. References
37. Extra Reading Resources
1. Scheduled Tasks - Slides
2. Introduction to Scheduled Task
3. File Format
4. Scheduled Task Tools
5. Required Files
6. Lab #1 - Scheduled Tasks
7. Lab #1 - Scheduled Tasks (Solution)
8. Scheduled Tasks and GhostTask Investigations
9. Extra Reading Resources
1. Search Artifacts - Slides
2. Fixing Windows.edb
3. Loading a Dirty vs Clean Windows.edb
4. Extra Reading Resources
1. Required Files
2. Lab #1 - Working with Autopsy
3. Lab #1 - Working with Autopsy (Solution)
4. Extra Reading Resources
1. Required Files
2. The Joker
1. Kroll Artifact Parser and Extractor or KAPE
2. Intro to KAPE
3. Where to use KAPE?
4. KAPE Targets
5. KAPE Targets (Acquiring Evidence)
6. KAPE Modules
7. KAPE Modules (Processing Acquired Evidence)
1. CCDFA Exam
2. Required Skills
3. Howto Start the Exam?
4. FAQ
1. Before You Go (End of the Course)
1. Books, Papers, and other Resources

🗣️ What Learners Are Saying

⭐ Real feedback from learners who’ve taken the C5W Digital Forensics Analyst Exam ⭐

Dean Boyer

Although this exam had its challenges, I thoroughly enjoyed the process and I recommend Ali and Jessica for continuing to challenge me even after 15 years of forensics work.
kevin pagano

This test is different than most where it's not multiple choice questions but rather a complete practical examination of a predefined set of evidence. Your final report of your findings is then graded with a 70% required to pass.
Bandr Alkhuzaie

It has been a game-changer for me during this exam, and I would encourage everyone to take the course and start the #dfir journey.

Frequently asked questions

How do I purchase a course?

You can enroll in any course directly through our platform using secure online payment via Stripe.
How do I access my course after enrollment?

Once payment is complete, you will be redirected to the course and receive a confirmation email. You may also log in at any time to access your content via the My Dashboard section.
How long will I have access to the course material?

Lifetime access while the course remains available, with a guaranteed minimum of 1 year, even if it is updated or retired.
What are the general technical requirements?
Our platform is accessible from any device with internet access. For hands-on labs, we recommend:

A modern operating system capable of running virtual machines

8 GB RAM (minimum)

500 GB disk space

Hypervisor software: Virtualbox, VMWare, HyperV, etc

Alternatively, we offer fully hosted Virtual Labs that allow you to complete technical exercises via the cloud. Please check our labs at: labs.cyber5w.com.
Can I ask for help if I don't understand something?

Of course! Reach out by email anytime.
What is the expected time commitment for each course?

Each course is self-paced and designed to accommodate different learning speeds. The time you'll need depends on your current knowledge, experience, and how deeply you choose to engage with the materials and hands-on labs.
Do you offer student discounts?

Yes, we offer a 25% discount to verified university or college students (must register with a valid academic email). Please contact us at [email protected] after registering and before purchasing.
Do you offer law enforcement and military professionals discounts?

Yes, we offer a 25% discount to active law enforcement and military professionals (official verification required). Please contact us at [email protected] after registering and before purchasing.
Do you offer corporate training or customized training solutions?

Absolutely. We provide customized training solutions for teams, security operations centers, and government entities, including on-site workshops, simulations, and private lab access. Please contact us at [email protected] for arrangement.
Do your courses include Certificate of Completion?

All of our courses include a Certificate of Completion, awarded upon successful completion of lessons, labs, or a final exam (where applicable). These certificates are designed to support your professional development in the DFIR and cybersecurity fields.
Do you deliver on-site training for employees?

Yes, we tailor on-site training programs to your team's specific needs. Please contact us to discuss options, dates, and pricing.
Do you travel internationally?

Yes. Our instructors can deliver on-site training globally. Travel expenses will apply.
How long are your on-site training sessions?

Courses can range from one-day workshops to multi-week immersive programs, depending on your goals.
Can we customize the syllabus?

Absolutely! We work with you to design a tailored syllabus that matches your team's skill level and focus areas.
Do you provide virtual lab access?

Yes, all labs are accessible at labs.cyber5w.com.
What if my computer isn't good enough for the labs?

No worries, you can complete all exercises in our prebuilt virtual lab environment. No special hardware is needed, only a modern web browser to access the online labs.
What software or tools are installed in the virtual labs?

Each lab comes preloaded with the tools you'll need to successfully complete the exercises in the course you are learning.
How long do I have access to the labs?

Your virtual lab access comes with a predefined set of hours, but you can extend the lab access time as preferred (optional).
What professional certifications can I earn?
Cyber5W offers a series of hands-on, industry-recognized certifications to validate your expertise in digital forensics and threat analysis. These certifications are available as optional exams after completing the relevant training.

Cyber 5W Certified Digital Forensic Analyst (CCDFA)

Cyber 5W Certified Linux Forensic Analyst (CCLFA)

Cyber 5W Certified Malware Analyst (CCMA)

Cyber 5W Certified Threat Analyst (CCTA)

Note: Detailed exam requirements, structure, and registration links are available on each certification's dedicated page. Each exam comes with 1 retake.
I'm new to DFIR, which professional certifications are available for beginners?
Cyber 5W Certified Digital Forensics Evidence Handler

Cyber 5W Certified Digital Forensics Foundations)

Note: DetailedDetailed exam requirements, structure, and registration links are available on each certification's dedicated page.
Can I retake a test if I do not pass the exam?

Yes, we allow multiple retake attempts. Check your exam specifics or contact support if you need further help.
What support is available during an exam?

You may email [email protected] for logistics and technical issues, but no exam-specific assistance will be provided.
How are CYBER 5W certification exams different from traditional tests?

At CYBER 5W, our certification exams are skill-based, not just multiple-choice. We assess your practical knowledge through real-world tasks to ensure you can apply what you've learned.

Still have questions?

Can't find the answer you're looking for? Please chat to our friendly team.

Get in touch

Coming soon!

Sign up for the latest findings, field advancements, and updates on upcoming webinars, conferences, seminars, and free courses.

C5W DIGITAL FORENSIC ANALYSIS - On-Demand Course

On-Demand Course Includes:
Course Material | Labs | Certification Attendance | Exam Voucher

Regular Enrollment

$350.00

Before You Start

Introduction to Digital Forensics

Evidence and Evidence Acquisition

Mounting Your Evidence

Working with FTK Imager

Data Representation and File Analysis

Time Zones and Dates (Timestamps)

Writing a Report

Disk Analysis (MBR & GPT)

Analyzing File Systems

File and Data Carving

Windows Forensics Basics

LNK Files and Jump Lists

Prefetch Files and User Execution

Windows Registry

Investigating USB Thumb Drives

Analyzing Shellbags

Investigating Volume Shadow Copies & File History

Windows Events

Windows Scheduled Tasks

Windows Search

Autopsy

Case Study - Challenge

Working with KAPE

Getting Certified

Before You Go (End of the Course)

Extra Reading

🗣️ What Learners Are Saying

Dean Boyer

kevin pagano

Bandr Alkhuzaie

Frequently asked questions

Still have questions?

Coming soon!