The Advanced Windows Forensics training is a four-day course that will introduce the participant to the many forensically relevant artifacts on a Microsoft 10 Windows system.
Students will learn to use various applications and utilities to successfully identify, process, understand and document numerous Windows artifacts that are vitally important to forensic investigations. The participant will also gain knowledge on how to process Edge browser history, cookies, temp files InPrivate browsing challenges and analysis, BitLocker encryption and other Windows 10 specific artifacts. The course includes gaining an in depth look into jump Lists, and prefetch files and how they relate to forensic investigations.
Students will use a variety of open source and leading forensic applications to examine key artifacts through multiple hands on labs and student practical’s.