Investigating Windows Shellbags

Windows Forensics Track

Investigating Windows Shellbags

This course explores Windows shellbags. Throughout this course, you will learn what shellbags are, where they exist, why they exist, how to analyze them, and what they can be used for in forensic investigations.

Get Started Now

Enroll now for $50

Course Curriculum

1. Introduction to Shellbags
2. Forensic Importance of Shellbags
3. Check your Knowledge
1. Shellbags Explorer - GUI
2. Shellbags Explorer – Command-line
3. ShellBagsView
4. RegRipper
1. Decoding Shellbag Artifacts
2. BagMRU
3. Bags
4. LastWrite Timestamp
5. LastWrite Timestamps Caveat
1. Conclusion
2. Exercises #1
3. Exercises #2
4. Exercises #2 - Solutions

About this course

$50.00
16 lessons
0 hours of video content

Course Type: Theory & Hands-on

6 CPE Credits

After completing this course, you will earn:

Get Started Now

Learn how to investigate Windows ShellBag

Enroll now for $50

Learning Outcomes

After completing this course, you will learn the following.

The ability to analyze and describe shellbag artifacts
The ability to utilize software to aid shellbag investigations

Technical Requirements

For the hands-on labs in this course

Windows machine (recommended Windows 10)
Internet connection
Registry Explorer
ShellBags Explorer

What is next at Cyber 5W?

Add your email to the mailing list to get the latest updates

Windows Forensics Track

Investigating Windows Shellbags

Get Started Now

Course Curriculum

Shellbag Introduction

Shellbag Analysis Tools

Decoding Shellbag Artifacts

Conclusion & Quizzes

About this course

Course Type: Theory & Hands-on

6 CPE Credits

Get Started Now

Learning Outcomes

Technical Requirements

What is next at Cyber 5W?