Course curriculum

Learning Outcomes

During this case you will learn how to investigate a system and locate evidence when the user encrypted some of their interesting files.

  • Learning how to utilize multiple artifacts together in an investigation.

  • Learning how to investigate software execution and file access history artifacts.

  • Learn how to find user activity related to files of interest, even though they are encrypted.

Technical Requirements

For the hands-on labs in this case study

  • Windows 10 operating system (recommended)

  • Internet Connection

  • FTK Imager here

  • Eric Zimmerman Tools here

  • ShadowExplorer here

What is next at Cyber 5W?

Add your email to the mailing list to get the latest updates.