FOR500: Windows Forensics Analysis
- Learn state-of-the-art forensic tools and analysis methods to detail nearly every action a suspect accomplished on a Windows system, including who placed an artefact on the system and how, program execution, file/folder opening, geolocation, browser history, profile USB device usage, cloud storage usage and more
- Know how to uncover the exact time that a specific user last executed a program through Registry and Windows artefact analysis, and understand how this information can be used to prove intent in cases such as intellectual property theft, hacker-breached systems and traditional crimes
- Learn to use Windows Shell Bag analysis tools to articulate every folder and directory a user or attacker interacted with while accessing local, removable and network drives
- Understand how to find where a crime was committed using Registry data and pinpoint the geolocation of a system by examining connected networks and wireless access points
- Know how to use browser forensic tools to perform detailed web browser analysis, parse raw SQLite and ESE databases and leverage session recovery artefacts to identify web activity, even if privacy cleaners and in-private browsing software are used
Overview
Off the shelf (OTS)
FOR500 builds in-depth and comprehensive digital forensics knowledge of Microsoft Windows operating systems by analysing and authenticating forensic data, tracking detailed user activity and organising findings. It teaches students to apply digital forensic methodologies to a variety of case types and situations, so that they can apply the right methodology in the real world to achieve the best outcome.
Delivery method
Face to face
Virtual
Digital
Course duration
48-51 hours
Competency level
Working