Windows Forensics Workshop

Case Studies

BSides Amman 2021 Windows Forensics Workshop

In this workshop we will be investigating a policy violation case, where we go over different Windows artifacts that will help solve the case.

Get started now

Enroll for Free

Course curriculum

01
Introduction
- Overview
- Technical Requirements
- Required Files
02
Guided Questions
- Workshop Questions
03
Event Recording
- BSides Amman 2021 2nd Edition: Windows Forensics Workshop Recording

Course Type: Theory & Hands-on

Do-it-Yourself (DIY) Investigation

Learning Outcomes

After completing this course, you will learn the following.

Learn how to mount an E01 forensic image
Learn how to use different tools to analyze Windows artifacts (e.g. JumpLists, Prefetch Files, LNK, etc)
Learn how to correlate between different evidences to find answers

Technical Requirements

For the hands-on labs in this course

Windows 10 operating system (recommended)
Eric Zimmerman Tools, here
Arsenal Imager Mounter, here
010 Editor, here
HxD, here
WinPrefetch View, here
PowerShell Scripts/etc, here
RegRipper 3, here
Autopsy, here
DCode Timestamp Decoder, here

What is next at Cyber 5W?

Add your email to receive updates on new courses.