The Advanced Windows 10 Forensic analysis class is an expert-level four-day training course, designed for examiners who are familiar with the principles of digital forensics and keen to expand their knowledge on advanced forensics using a host of third-party tools to improve their computer investigations.
The Advanced Windows 10 Forensic Analysis course will give participants unbiased knowledge and skills necessary to analyze artifacts left behind through system and user interaction, utilizing industry standard tools and open source applications to explore the evidence in greater depth by learning how applications function and store data in the file system.
Students will learn to use various applications and utilities to successfully identify, process, understand and document numerous Windows artifacts that are vitally important to forensic investigations. The participant will also gain knowledge on how to process Edge browser history, cookies, temp files InPrivate browsing challenges and analysis, BitLocker encryption, Windows Action Center (Notifications SQLite Database) and other Windows 10 specific artifacts. The course includes gaining an in depth look into jump Lists, Registry analysis and prefetch files and how they relate to forensic investigations and conclude with an in-depth look into OneDrive and synchronization processes between trusted devices.
Students will use a variety of open source and leading forensic applications to examine key artifacts through multiple hands on labs and student practicals.
Suggested basic forensic training is suggested.