Forensic 408 Windows in Depth

FOR408: COMPUTER FORENSIC INVESTIGATIONS - WINDOWS IN-DEPTH focuses on the critical knowledge of the Windows Operating System that every digital forensic analyst needs to investigate computer incidents successfully. You will learn how computer forensic analysts focus on collecting and analyzing data from computer systems to track user-based activity that can be used in internal investigations or civil/criminal litigation.

This course covers the methodology of in-depth computer forensic examinations, digital investigative analysis, and media exploitation so each student will have complete qualifications to work as a computer forensic investigator helping to solve and fight crime. In addition to in-depth technical knowledge of Windows Digital Forensics (Windows XP through Windows 8 and Server 2012), you will learn about well-known computer forensic tools such as AccessData's Forensic Toolkit (FTK), Guidance Software's EnCase, Registry Analyzer, FTK Imager, Prefetch Analyzer, and much more. Many of the tools covered in the course are freeware, comprising a full-featured forensic laboratory that students can take with them.


Windows File System Foundations

Evidence Acquisition Tools and Techniques

Law Enforcement Bag and Tag

Evidence Integrity

Registry Forensics

Windows Artifact Analysis

Facebook, Gmail, Hotmail, Yahoo Chat and Webmail Analysis

E-Mail Forensics (Host, Server, Web)

Microsoft Office Document Analysis

Windows Link File Investigation

Windows Recycle Bin Analysis

File and Picture Metadata Tracking and Examination

Prefetch Analysis

Event Log File Analysis

Firefox, Chrome, and Internet Explorer Browser Forensics

Deleted File Recovery

String Searching and Data Carving

Examination of Cases involving Windows XP, Vista, Windows 7, and Windows 8

Media Analysis And Exploitation involving:

Tracking user communications using a Windows PC (e-mail, chat, IM, webmail)

Identifying if and how the suspect downloaded a specific file to the PC

Determining the exact time and number of times a suspect executed a program

Showing when any file was first and last opened by a suspect

Determining if a suspect had knowledge of a specific file

Showing the exact physical location of the system

Tracking and analysis of USB devices

Showing how the suspect logged on to the machine via the console, RDP, or network

Recovering and examining browser artifacts, even those used in private browsing mode

Forensic Analysis Report Writing

Fully Updated to include Windows 8 and Server 2012 Examinations