Course curriculum

    1. Overview

    2. Technical Requirements

    3. Required Files

    1. Workshop Questions

    1. BSides Amman 2021 2nd Edition: Windows Forensics Workshop Recording

About this course

  • Free
  • 5 lessons
  • 0 hours of video content

Learning Outcomes

In this course, you will:

  • Learn how to mount an E01 forensic image

  • Learn how to use different tools to analyze Windows artifacts (e.g., JumpLists, Prefetch files, LNK files)

  • Learn how to correlate different pieces of evidence to find answers

Technical Requirements

For the hands-on labs in this course, you will need:

  • Windows 10 operating system (recommended)

  • Eric Zimmerman Tools

  • Arsenal Image Mounter

  • 010 Editor

  • HxD

  • WinPrefetchView

  • PowerShell Scripts/etc

  • RegRipper 3

  • Autopsy

  • DCode Timestamp Decoder
