Course Description

Dive into the critical world of Windows forensics with this bootcamp designed for investigators and cybersecurity professionals. This intensive training focuses on practical, hands-on labs to uncover and analyze forensic artifacts generated by user and process interactions within the Windows operating system.

What You’ll Learn:
  • Core Windows Artifacts: Explore key forensic artifacts, including file system changes, registry entries, and system events.
  • Application Analysis: Analyze popular applications like Skype and OneDrive to identify user activity and uncover potential evidence.
  • Services and Processes: Understand how services and processes leave traces that can be invaluable during investigations.
  • Actionable Evidence: Learn to interpret system logs and event data to build comprehensive forensic reports.

Whether you’re a beginner or looking to sharpen your skills, this crash course equips you with the tools and techniques to efficiently investigate Windows environments.

    Pricing options

    Seats are limited, so reserve yours today to ensure your spot!

    Syllabus

    The course covers Windows forensics essentials, including artifacts, registry, USB investigations, shadow copies, and system events.

      Windows Forensic Analysis

    • Windows Basics
      • Users and Groups
      • Parsing SID Manually
      • Recycle Bin
      • Thumbnails
    • LNK Files and Jump Lists
    • System and User Program Activity
      • Prefetch Files
      • UserAssist
      • Background Activity Moderator (BAM)
      • System Resource Usage Monitor (SRUM)
      • and Other Subjects
    • Windows Registry
      • Structure of Windows Registry
      • System Artifacts
      • User Artifacts
    • Investigating USB Thumb Drives
    • Analyzing Shellbags
    • Volume Shadow Copies & File History
    • Windows Events
    • Windows Scheduled Tasks
    • Windows Search

    Instructor

    Ali Hadi is a highly accomplished Senior Cybersecurity Specialist with over 14 years of professional experience in Information Technology. He currently serves as the Research Director at the Leahy Center for Digital Forensics and Cybersecurity, and as the Digital Forensics Program Director at Champlain College, USA. In his role at the Leahy Center, Ali focuses his research on Digital Forensics and Incident Response (DFIR) and Adversary Simulation. Additionally, he is a full-time professor and researcher at Champlain College's Digital Forensics and Cybersecurity Departments. Ali is also a Co-Founder of Cyber 5W. He holds a PhD and MSc in Computer Information Systems, alongside a BSc in Computer Science. Throughout his career, Ali has earned over 20 professional certifications. His expertise spans digital forensics, incident response, adversary simulation, offensive security, and malware analysis. As a sought-after consultant in cybersecurity, Ali offers his knowledge to various organizations, including government agencies and private sector firms. He is an established author, speaker, and freelance instructor, providing technical training across multiple sectors. Ali's commitment to the digital forensics community is unwavering, as he continues to promote forensics education and research.

    Course Material

    • Slide Notes & Lab Documents

      Training material including the course slides, lab documents, and references for further reading.

    • Forensic Dataset

      This course includes forensic images and files designed for hands-on labs, providing practical experience with real-world scenarios.

    • Certificate of Attendance

      At the end of the course, you will receive a Certificate of Completion that proves you have attended the course.

    • Considering certification?

      This bootcamp prepares you for the CCDFA certification, but knowledge of disk analysis is also required.

    Learning Objectives

    After completing this course, the student will be able to perform the following:

    • Investigating Basic Windows Artifacts

    • Understand Timestamps & Timezone Conversions

    • Investigating Windows Program Execution Artifacts

    • Investigating Windows Registry and Windows Shellbags

    • Investigating USB Thumb Drives

    • Volume Shadow Copies & File History

    • Working with Windows Event Logs

    • Investigating Windows Scheduled Tasks & Windows Notifications

    Prerequisites

    Basic knowledge of digital forensics. You can gain this knowledge with the free course 'Introduction to Digital Forensics,' offered by C5W.

    The Value of the Training

    With a global market share exceeding 73%, Windows OS is involved in the majority of forensic cases. This course equips students with the essential skills to perform comprehensive forensic investigations on the Windows operating system.

    Cancellation Policy:

    Info you need to know to get a refund

    Full refunds will be provided up to 14 days before the course start date. You are allowed to change the course schedule up to 10 days before the course starts.