Course Curriculum

  • 01


  • 02

    Guided Questions

    • Initial Investigation

    • Prefetch Files

    • Volume Shadow Copies

    • Jump Lists

    • Conclusion

  • 03


    • Case Study Solution

    • Solution Report

    • Finally, before you go...

Learning Outcomes

During this case you will learn how to investigate a system and locate evidence when the user encrypted some of their interesting files.

  • Learning how to utilize multiple artifacts together in an investigation.

  • Learning how to investigate software execution and file access history artifacts.

  • Learn how to find user activity related to files of interest, even though they are encrypted.

Technical Requirements

For the hands-on labs in this case study

  • Windows 10 operating system (recommended)

  • Internet Connection

  • FTK Imager here

  • Eric Zimmerman Tools here

  • ShadowExplorer here

What is next at Cyber 5W?

Add your email to the mailing list to get the latest updates.