Windows Forensic Analysis Training Course with Hands-on labs
Windows Forensic Analysis Training: proper analysis requires real data for students to examine. The completely updated Windows Forensic Analysis Training course trains digital forensic analysts through a series of new hands-on laboratory exercises that incorporate evidence found on the latest Microsoft technologies (Windows 7, Windows 8/8.1, Windows 10, Office and Office 365, cloud storage, SharePoint, Exchange, Outlook). Students leave the Windows Forensic Analysis Training course armed with the latest tools and techniques and prepared to investigate even the most complicated systems they might encounter. Nothing is left out: attendees learn to analyze everything from legacy Windows XP systems to just-discovered Windows 10 artifacts.
Every organization must prepare for cyber-crime occurring on their computer systems and within their networks. Demand has never been higher for analysts who can investigate crimes like fraud, insider threats, industrial espionage, employee misuse, and computer intrusions. Government agencies increasingly require trained media exploitation specialists to recover key intelligence from Windows systems. To help solve these cases, ENO is training a new cadre of the world's best digital forensic professionals, incident responders, and media exploitation masters capable of piecing together what happened on computer systems second by second.
Windows Forensic Analysis Training focuses on building in-depth digital forensics knowledge of the Microsoft Windows operating systems. You can't protect what you don't know about, and understanding forensic capabilities and artifacts is a core component of information security. Learn to recover, analyze, and authenticate forensic data on Windows systems. Understand how to track detailed user activity on your network and how to organize findings for use in incident response, internal investigations, and civil/criminal litigation. Use your new skills for validating security tools, enhancing vulnerability assessments, identifying insider threats, tracking hackers, and improving security policies. Whether you know it or not, Windows is silently recording an unimaginable amount of data about you and your users. Windows Forensic Analysis Training teaches you how to mine this mountain of data.
Duration: 5 days
Windows Forensic Analysis Training - Customize It!
• We can adapt this Windows Forensic Analysis Training course to your group’s background and work requirements at little to no added cost.
• If you are familiar with some aspects of this Windows Forensic Analysis Training course, we can omit or shorten their discussion.
• We can adjust the emphasis placed on the various topics or build the Windows Forensic Analysis Training course around the mix of technologies of interest to you (including technologies other than those included in this outline).
• If your background is nontechnical, we can exclude the more technical topics, include the topics that may be of special interest to you (e.g., as a manager or policy-maker), and present the Windows Forensic Analysis Training course in a manner understandable to lay audiences.
Windows Forensic Analysis Training - Audience / Target Group
• Information security professionals who want to learn the in-depth concepts of Windows digital forensics investigations.
• Incident response team members who need to use deep-dive digital forensics to help solve their Windows data breach and intrusion cases.
• Law enforcement officers, federal agents, or detectives who want to become deep subject-matter experts on digital forensics for Windows-based operating systems.
• Media exploitation analysts who need to master tactical exploitation and Document and Media Exploitation (DOMEX) operations on Windows-based systems used by an individual. Attendees will be able to specifically determine how individuals used a system, who they communicated with, and the files that were downloaded, edited, and deleted.
• Anyone interested in a deep understanding of Windows forensics who has a background in information systems, information security, and computers.
Windows Forensic Analysis Training - Prerequisites
• Windows Forensic Analysis Training is an intermediate-level Windows forensics course that skips over the introductory material of digital forensics. This class does not include basic digital forensic analysis concepts. FOR408 focuses entirely on in-depth, tool-agnostic analysis of the Windows operating system and its artifacts.
Windows Forensic Analysis Training - Objectives:
After completing this Windows Forensic Analysis Training course, attendees will be able to:
• Conduct in-depth forensic analysis of Windows operating systems and media exploitation focusing on Windows 7, Windows 8/8.1, Windows 10, and Windows Server 2008/2012
• Identify artifact and evidence locations to answer critical questions, including application execution, file access, data theft, external device usage, cloud services, geo-location, file download, anti-forensics, and detailed system usage
• Focus your capabilities on analysis instead of how to use a specific tool
• Extract key answers and build an in-house forensic capability via a variety of free, open-source, and commercial tools provided within the SANS Windows SIFT Workstation
Windows Forensic Analysis Training - Course Content:
• Windows Operating Systems Focus (Win7, Win8/8.1, Windows 10, Server 2008/2012/2016)
• Windows File Systems (NTFS, FAT, exFAT)
• Advanced Evidence Acquisition Tools and Techniques
• Registry Forensics
• Shell Item Forensics
• Shortcut Files (LNK) - Evidence of File Opening
• Shellbags - Evidence of Folder Opening
• JumpLists - Evidence of File Opening/Program Exec
• Windows Artifact Analysis
• Facebook, Gmail, Hotmail, Yahoo Chat and Webmail Analysis
• E-Mail Forensics (Host, Server, Web)
• Microsoft Office Document Analysis
• Windows Recycle Bin Analysis
• File and Picture Metadata Tracking and Examination
• Prefetch Analysis
• Event Log File Analysis
• Firefox, Chrome, and Internet Explorer Browser Forensics
• Deleted Registry Key and File Recovery
• String Searching and File Carving
• Examination of Cases Involving Windows 7, Windows 8/8.1, and Windows 10
• Media Analysis and Exploitation involving:
  • Tracking user communications using a Windows PC (e-mail, chat, IM, webmail)
  • Identifying if and how the suspect downloaded a specific file to the PC
  • Determining the exact time and number of times a suspect executed a program
  • Showing when any file was first and last opened by a suspect
  • Determining if a suspect had knowledge of a specific file
  • Showing the exact physical location of the system
  • Tracking and analysis of external and USB devices
  • Showing how the suspect logged on to the machine via the console, RDP, or network
  • Recovering and examining browser artifacts, even those used in a private browsing mode
  • Discovering utilization of anti-forensics, including file wiping, time manipulation, and program removal
• The Course Is Fully Updated to Include the Latest Windows 7, 8, 8.1, 10 and Server 2008/2012/2016 Techniques