Overview
This course aims to give Digital Forensics & Incident Response (DFIR) professionals the knowledge and skills to investigate compromised Windows 10 or Windows Server 2019 systems that use the Windows Subsystem for Linux (WSL). It covers the architecture changes in WSL 2, forensic artefacts of interest, and attacker techniques such as LOLBins, persistence, lateral movement, command and control, and exfiltration. The teaching highlights nuances from a DFIR perspective and illustrates real-world scenarios. The course is intended for DFIR professionals who want to strengthen their skills in investigating compromised systems that use WSL.
Syllabus
Investigating Windows Subsystem for Linux (WSL) Endpoints, Asif Matadar, OSDFCon 2020
Taught by
BasisTech