Cybrary

Windows Forensics and Tools

via Cybrary

Overview

Windows Forensics and Tools focuses on building digital forensics knowledge of Microsoft Windows operating systems, together with compatible software and tools that can be used to obtain or process information from such systems. Contrary to the common myth, Windows forensics is not easy: even though Windows is the most commonly analyzed platform in computer forensics, it has many undocumented features and does not give easy access to many physical-layer devices, which is needed for bit-level operations. You will learn the general methodology used when performing a forensic analysis (the same methodology applies to Windows operating systems), the process for imaging in Windows and how to do it using third-party software, as well as some memory analysis tools.

In order to know how to analyze the evidence, some Windows essentials will be covered, such as the system registry (general registry information to look for and where to find it), Windows Prefetch, restore points, the Recycle Bin, pertinent system files, and the structure of important Windows software such as e-mail clients, Office tools and Internet browsers. You will also learn some important concepts such as steganography and drive nomenclature in Windows, which are key to understanding how Windows is structured and where the information can be found.

Labs and tools are provided to help you practice Windows forensic analysis; you will be able to use them to work through real-life scenarios.

Syllabus

  • Module 1: Is Windows Forensics Easy?
    • 1.1 Course Introduction
    • 1.2 Common Myths
    • 1.3 Forensic Investigation Methodology
  • Module 2: Windows Imaging
    • 2.1 Physical Drive Nomenclature in Windows
    • 2.2 Logical Drive Nomenclature in Windows
    • 2.3 Summary of Windows Device Names
  • Module 3: Imaging with DD
    • 3.1 Basic dd.exe Operation
    • 3.2 dd.exe Logical Drive Example
    • 3.3 Physical Memory
    • 3.4 Looking at Memory
  • Module 4: Memory Analysis Tools
    • 4.1 Memparser
    • 4.2 Volatility
    • 4.3 Other Tools
  • Module 5: Windows Essentials - SID
    • 5.1 SID (Security Identifier)
  • Module 6: System Registry
    • 6.1 Registry Hives
    • 6.2 New Registry Hives in Windows 8
    • 6.3 Registry Root Keys
    • 6.4 Registry Viewer
  • Module 7: Analysis of Evidence
    • 7.1 General Registry Info to Look For
    • 7.2 UserAssist
    • 7.3 UserAssist Parser
  • Module 8: Windows Essentials - Windows Prefetch
    • 8.1 Windows Prefetch
  • Module 9: Windows Essentials - Restore Points
    • 9.1 Registry of the Past
    • 9.2 Restore Point Data
  • Module 10: Windows Essentials - Recycle Bin
    • 10.1 Recycle Bin
  • Module 11: Reviewing Pertinent Files
    • 11.1 WORD Forensics
    • 11.2 Pictures
    • 11.3 Internet History
  • Module 12: Windows Artifacts
    • 12.1 Windows Artifacts Part 1
    • 12.2 Windows Artifacts Part 2
  • Module 13: USBSTOR
    • 13.1 USBSTOR
    • 13.2 USBDeview
  • Module 14: Steganography
    • 14.1 Steganography Tools
    • 14.2 Steganography Lab
  • Module 15: E-Mail Forensics
    • 15.1 E-Mail Forensics
  • Module 16: Course Summary
    • 16.1 Course Summary

Taught by

Adalberto Jose Garcia
