Windows Forensic Investigations
Date: Nov 19, 2019
This course is open to all levels of forensic examiners. It is comprehensive and in-depth with the curriculum guiding the analysts from hands-on analysis to practical assessments involving the investigative analysis of Windows-based evidence.
Take your Windows forensic skills to the investigative level and sharpen your analysis skills with an in-depth understanding of Windows-based evidence. Examiners will gain detailed knowledge of Windows-based file systems, operating system, user, and application artifacts. Windows 10 artifacts will also be scrutinized along the way, providing more evidence to bolster your cases. Discover how the file systems function and what the structures of artifacts store so you can insightfully choose what to examine and be in charge of the steps you take towards a higher-level investigative analysis. The solid curriculum also features analysis techniques for the Windows Registry, system data, log files, journals, Windows Users, link and jump files, prefetch, volume shadow copies, compressed archives, volatile data, and much more. Attendees will learn to recover evidence pertaining to user actions, attached devices, files and folders accessed, applications utilized, and user settings, amongst many other things. Learn how BlackLight’s powerful evidence parsing and artifact support works to provide efficiency and a comprehensive evidence assessment. Elevate your examinations to an investigative interrogation of your evidence to drive your cases to new distances. Please view the course syllabus for more information.
Course Length: 4 days
Course Credit: 32 hours
By the end of this course, students will have navigated through practical assessments requiring hands-on analysis of Windows-based evidence. Students will develop a strong familiarity with Windows evidence including file systems, operating systems, user, and application artifacts. Students will be knowledgeable about where evidence is located, the values stored in data structures, and what this data indicates.
Prerequisites: None. The Digital Forensic Basics course is recommended for BlackLight familiarization but is not required.
$3,300 USD Government / Private Sector
What Are Confirmed Courses?
In the training industry, especially when it comes to niche training courses, we may need to cancel a scheduled course. This happens most commonly due to lack of registrations.
Courses have various thresholds for becoming confirmed. When a course is scheduled, it is by default tentative. Once the required number of registrations has been reached, the course will become confirmed. A confirmed course is guaranteed to run. A tentative course will most likely run, but may get cancelled, usually four to six weeks before its start date.
An acknowledgement email or invoice is different from a course confirmation. A separate confirmation email will be issued when a course is confirmed, or a cancellation email will be issued when a course is canceled.
Please feel free to contact us (firstname.lastname@example.org) if you have any questions.