W600 Windows Forensics
-
Duration
5 Days
-
Level
Intermediate and Advanced
With the developed and intensive version of the “F300 Digital Forensic Essentials ” and “F500 Digital Forensics Specialist (Essentials)” training programs, this training is positioned at the intermediate-advanced level in the fields of digital forensics and data analysis. Unlike the “F600 Digital Forensics Specialist (Advanced) Training” program, this training includes more comprehensive information about the structure of the Windows operating system. Participants who want to improve themselves in this field will seek answers to the questions of what, why, how, where, when and who on the sample data examined.
MODULE 1 • Methodology of Digital Forensics • Digital Evidence Concept | MODULE 8 • Metadata | MODULE 15 • Thumbnail Analysis |
MODULE 2 • Code Of Criminal Procedure • Penal Code | MODULE 9 • Hash Concept and Usage | MODULE 16 • Prefetch |
MODULE 3 • Evaluation of Data as Digital Evidence | MODULE 10 • Windows Registry | MODULE 17 • Shimcache - Amcache |
MODULE 4 • Incident Response | MODULE 11 • Recycle Bin | MODULE 18 • System Resource Usage Monitor (SRUM) |
MODULE 5 • Acquisition of Volatile Data and RAM | MODULE 12 • Shell – USB Examinations | MODULE 19 • Event Log Examinations |
MODULE 6 • Fast Triage Image Acquisition and Review | MODULE 13 • E-mail Examinations | MODULE 20 • Browser Examinations |
MODULE 7 • Windows File System | MODULE 14 • Windows Search Index | MODULE 21 • Reporting |