Course Curriculum

    1. Welcome to "Investigating Windows Program Executions"!

    1. The Definition of Prefetch

    2. Analyze Prefetch

    3. PECmd

    4. WinPrefetchView

    5. Prefetch Lab

    6. Prefetch Lab Solutions

    7. Required Files

    1. The Definition of AmCache

    2. Analyze AmCache

    3. Registry Explorer

    4. AmCacheParser

    5. AmCache Lab

    6. AmCache Lab Solutions

    1. The Definition of AppCompatCache (Shimcache)

    2. AppCompatCacheParser

    3. RegRipper

    4. AppCompatCache (Shimcache) Lab

    5. AppCompatCache (Shimcache) Lab Solutions

    1. The Definition of UserAssist

    2. Analyze the UserAssist

    3. UserAssist Lab

    4. UserAssist Lab Solutions

    1. The Definition of Background Activity Moderator (BAM)

    2. Analyze BAM

About this course

  • $50.00
  • 26 lessons
  • 0 hours of video content

6 CPE Credits

After completing this course, you will earn:

Learning Outcomes

After completing this course, you will learn the following.

  • You will be able to effectively locate and analyze execution artifacts.

  • You will be able to answer questions related to the significance and meaning of said artifacts.

  • You will be able use forensic tools introduced in relation to analyzing and extracting execution artifacts.

Technical Requirements

For the hands-on labs in this course

  • Windows machine (recommended Windows 10)

  • “Working with FTK Imager” or equivalent background

  • FTK Imager

What is next at Cyber 5W?

Add your email to the mailing list to get the latest updates

Thank You