Windows Forensics Bootcamp

A five-day, instructor-led, online course where you will learn the foundations of Windows computer forensics, including how to identify, preserve, extract, analyze and report forensic evidence found on Windows computers. You will dive into topics covering file system forensics, analysis & correlation, forensic tools, report writing and much more. You will also work through many hands-on labs, using the acquired knowledge together with open-source tools to ensure you can perform the skills required of a computer forensic examiner.

Who should attend

This is a beginner to intermediate level course:

  • Law enforcement professionals looking to enter into computer investigations

  • Legal professionals looking to get a better understanding of computer forensic examinations

  • IT professionals tasked with host forensics and incident handling

  • Private Investigators

  • Anyone desiring to learn about Windows computer forensics or to enhance their skills

Course Outcomes:

Students who attend will be able to:

  • Properly recognize, collect and preserve digital evidence

  • Collect and examine volatile data from a live running computer

  • Apply the investigative process to digital investigations

  • Understand the concept of on-scene triaging

  • Formulate a keyword list

  • Understand the basics of GREP and how to use it to find relevant artifacts

  • Understand the concept and uses of file hashing

  • Interpret data at the binary level

  • Identify and understand Windows file systems: FAT, exFAT, and NTFS

  • Understand how various systems store data, what happens when a file gets written to disk, what happens when a file gets deleted from disk, and how to recover deleted files

  • Correctly interpret the information in the file system data structures

  • Recognize the evidence contained within the modern Windows file system, including evidence found in the Windows Registry

  • Interpret Jump Lists, Link Files, Windows Prefetch, the Recycle Bin, and the Activities Cache Database

  • Use several different forensic tools and understand how those tools extract relevant data from a file system

  • Obtain the skills needed to recover data and identify the actions a user took to hide or delete that data

  • Understand the basics of encryption and decryption methods

  • Create a well-written report, document their findings, and show specific user actions on a computer. You will learn what peer review is, why it is necessary, and its benefits

  • Testify with confidence with what you have learned



Oct 11 - 15 2021


All of the day