Course Curriculum

    1. Before We Start

    2. Windows Registry User Artifacts Introduction

    3. NTUSER.DAT and USRCLASS.DAT File Extraction

    4. View Files Through RegEdit – Live System

    5. Extract Files Through RegEdit – Live System

    6. Extract Files Through FTK Imager – Live System

    7. Extract Files Through FTK Imager – Disk Image

    8. Last Write Timestamps

    9. Check Your Knowledge

    1. Application Usage - Part 1

    2. Application Usage - Part 2

    3. Application Usage - Part 3

    4. Application Usage - Part 4

    5. Check Your Knowledge

    1. Internet Browsing

    1. Search Queries

    1. Other Artifacts

    2. Check Your Knowledge

    1. Check Your Knowledge

    2. Exercises 1 and 2

    3. Exercises 1 and 2 Solutions

About this course

  • $50.00
  • 21 lessons
  • 0 hours of video content

6 CPE Credits

After completing this course, you will earn:

Learning Outcomes

After completing this course, you will learn the following:

  •  The ability to extract the NTUSER.DAT and USRCLASS.DAT files from the registry

  •  Learning locations of various important forensic artifacts

Technical Requirements

For the hands-on labs in this course

  • Windows operating system (recommended Windows 10)

  • Internet connection

  • Installation of Registry Explorer/recmd

  • Installation of RegRipper

  • Installation of FTK Imager

What is next at Cyber 5W?

Add your email to the mailing list to get the latest updates

Thank You