Investigating Windows Shellbags

Windows Forensics Track

Investigating Windows Shellbags

This course explores Windows shellbags. Throughout this course, you will learn what shellbags are, where they exist, why they exist, how to analyze them, and what they can be used for in forensic investigations.

Get Started Now

Enroll now for $50

Course Curriculum

01
Shellbag Introduction
- Introduction to Shellbags
- Forensic Importance of Shellbags
- Check your Knowledge
02
Shellbag Analysis Tools
- Shellbags Explorer - GUI
- Shellbags Explorer – Command-line
- ShellBagsView
- RegRipper
03
Decoding Shellbag Artifacts
- Decoding Shellbag Artifacts
- BagMRU
- Bags
- LastWrite Timestamp
- LastWrite Timestamps Caveat
04
Conclusion & Quizzes
- Conclusion
- Exercises #1
- Exercises #2
- Exercises #2 - Solutions

Course Type: Theory & Hands-on

6 CPE Credits

After completing this course, you will earn:

Get Started Now

Learn how to investigate Windows ShellBag

Enroll now for $50

Learning Outcomes

After completing this course, you will learn the following.

The ability to analyze and describe shellbag artifacts
The ability to utilize software to aid shellbag investigations

Technical Requirements

For the hands-on labs in this course

Windows machine (recommended Windows 10)
Internet connection
Registry Explorer
ShellBags Explorer

What is next at Cyber 5W?

Add your email to the mailing list to get the latest updates