Course Description

Dive into the critical world of Windows forensics with this bootcamp designed for investigators and cybersecurity professionals. This intensive training focuses on practical, hands-on labs to uncover and analyze forensic artifacts generated by user and process interactions within the Windows operating system.

What You’ll Learn:
  • Core Windows Artifacts: Explore key forensic artifacts, including file system changes, registry entries, and system events.
  • Application Analysis: Analyze popular applications like Skype and OneDrive to identify user activity and uncover potential evidence.
  • Services and Processes: Understand how services and processes leave traces that can be invaluable during investigations.
  • Actionable Evidence: Learn to interpret system logs and event data to build comprehensive forensic reports.

Whether you’re a beginner or looking to sharpen your skills, this crash course equips you with the tools and techniques to efficiently investigate Windows environments.

    Training Delivery Details

    Instructor Led Training

    Live Training: Two Days, May 13th - May 14th | 8 hours / Day | Includes 24 hours of virtual lab access | Certification of Attendance

    The course material includes full access to our C5W-200 WINDOWS FORENSICS

    Sessions run from 9 AM to 5 PM (Eastern Time) with a 30-minute lunch break each day.

    Syllabus

    The course covers Windows forensics essentials, including artifacts, registry, USB investigations, shadow copies, and system events.

      Windows Forensic Analysis

    • Windows Basics
      • Users and Groups
      • Parsing SID Manually
      • Recycle Bin
      • Thumbnails
    • LNK Files and Jump Lists
    • System and User Program Activity
      • Prefetch Files
      • UserAssist
      • Background Activity Moderator (BAM)
      • System Resource Usage Monitor (SRUM)
      • and Other Subjects
    • Windows Registry
      • Structure of Windows Registry
      • System Artifacts
      • User Artifacts
    • Investigating USB Thumb Drives
    • Analyzing Shellbags
    • Volume Shadow Copies & File History
    • Windows Events
    • Windows Scheduled Tasks
    • Windows Search

    Course Material

    • Slide Notes & Lab Documents

      Training material including the course slides, lab documents, and references for further reading.

    • Forensic Dataset

      This course includes forensic images and files designed for hands-on labs, providing practical experience with real-world scenarios.

    • Certificate of Attendance

      At the end of the course, you will receive a Certificate of Completion that proves you have attended the course.

    • Considering certification?

      This bootcamp prepares you for the CCDFA certification, but knowledge in disk analysis is also required.

    Learning Objectives

    After completing this course, the student will be able to perform the following:

    • Investigate Windows Basic Artifacts

    • Understand Timestamps & Timezone Conversions

    • Investigate Windows Program Execution Artifacts

    • Investigate Windows Registry and Windows Shellbags

    • Investigate USB Thumb Drives

    • Work with Volume Shadow Copies & File History

    • Work with Windows Event Logs

    • Investigate Windows Scheduled Tasks & Windows Notifications

    Instructor

    Joe Walsh has been investigating crimes involving technology and conducting digital forensics examinations for fifteen years. He earned a bachelor's degree in Information Systems, an M.A. in Criminal Justice with a concentration in Digital Forensics, and an M.S. in Information Systems with a concentration in Cyber Security. He is currently pursuing a Ph.D. in Information Systems with a concentration in Cyber Security. He has attended more than 2,000 hours of training and holds several internationally recognized certifications in computer security and digital forensics. His current research interests include the Internet of Things (IoT).

    Joe has been a law enforcement officer for sixteen years. He is currently a detective and serves as the director of a digital forensics lab. He is a member of a Homeland Security Investigations (HSI) task force that investigates cyber crime and was previously an FBI task force officer (TFO). He has also worked as a security consultant, where he was involved in hundreds of engagements, including responding to computer security incidents, conducting security assessments, and performing physical penetration testing. He has been teaching for more than 10 years. His teaching experience includes undergraduate and graduate courses as well as boot camp courses.

    Prerequisites

    Basic knowledge of digital forensics. You can gain this knowledge with the free course 'Introduction to Digital Forensics,' offered by C5W.

    The Value of the Training

    With a global market share exceeding 73%, Windows OS is involved in the majority of forensic cases. This course equips students with the essential skills to perform comprehensive forensic investigations on the Windows operating system.

    Refund Policy:

    Refund requests for In-person and Online Virtual Training are accepted before the refund deadline and as long as the online course has not been accessed. To initiate a refund, please submit your request to [email protected]. The registration fee will be refunded, minus a $50 refund processing fee, to the original payment method. Please be advised that CYBER 5W OnDemand Courses are non-refundable and non-transferable once payment has been completed and course material has been accessed.