Windows Systems Forensic Analysis
You cannot protect what you do not know, and understanding forensic capabilities and artifacts is a fundamental cog of information security. This course centers on building in-depth digital forensics knowledge of Microsoft Windows operating systems. You will learn how to recover, analyse, and substantiate forensic data on Windows systems, track particular user activity on your network, and organize findings for use in incident response, internal investigations, and civil/criminal proceedings. You will be able to use your new skills to validate security tools, enhance vulnerability assessments, identify insider threats, track hackers, and improve security policies.
Where: Institute of Forensics and ICT Security, located on the 4th floor, Ntinda Complex, Plot 33, Ntinda Road (Opp. St. Luke Church)
Fee: $250 per person inclusive of refreshments.
You will also be required to pay $20. This fee covers a buffet, refreshments such as water and sodas, fruit, and tea if needed, for the 2 days you will be training with us. Note that you can choose not to pay this fee, in which case you will not receive the above, or you can pay for specific days only. Each day is $10.
What you will learn
- Perform proper Windows forensic analysis by applying key techniques focusing on Windows 7/8/10
- Use full-scale forensic tools and analysis methods to detail nearly every action a suspect accomplished on a Windows system, including who placed an artifact on the system and how, program execution, file/folder opening, geo-location, browser history, USB device usage, and more
- Identify keywords searched by a specific user on a Windows system to pinpoint the data and information that the suspect was interested in finding and accomplish detailed damage assessments
- Learn event log analysis techniques and use them to determine when and how users logged into a Windows system, whether via a remote session, at the keyboard, or simply by unlocking a screensaver
- Determine where a crime was committed using Registry data to pinpoint the geo-location of a system by examining connected networks and wireless access points
- Determine the number of times files have been opened by a suspect through browser forensics, shortcut file analysis (LNK), e-mail analysis, and Windows Registry parsing