Windows Forensics 101

About This Course

The Windows Forensics Fundamentals training is designed to teach participants digital forensics and incident response processes within the Windows operating system. The trainingcovers the Windows file system, log analysis, key artifacts, and essential incident response techniques. Participants will gain hands-on experience through scenario-based practical exercises.

Who Should Attend?

Information Security Experts
System and Network Experts
Digital Forensics Experts
Cyber Incident Response Specialists

Participant Gains

Learning the basic digital forensics processes on Windows
Extracting evidence from file systems, logs, and artifacts
Event analysis through scenario-based exercises
Learning the basic usage of open-source Windows Forensics tools

Topics

1. Fundamentals of Digital Forensics and Incident Response

Concepts of digital forensics and incident response
Incident response life cycle (NIST / SANS)
Digital crime investigation processes

2. Fundamentals of the Windows File System

NTFS and MFT structure
Prefetch, Recycle Bin, and LNK files
File timestamps and basic metadata

3. Analysis of Windows Artifacts

Registry artifacts: Run keys, USBHistory, MRU
Jump Lists and application artifacts
Basic detection of important system artifacts

4. Fundamentals of Log Analysis

Event Viewer logs: Security, System, Application
Sysmon and other Windows logs
Basic log analysis and correlation
Automatic threat analysis using open-source Windows Forensics tools

5. Scenario-Based Practical Exercises

Creating timelines with open-source Windows Forensics tools
Malware and suspicious access scenarios
Hands-on analysis and reporting with participants

Duration / Fee

Total Duration

12 Saat

(4 Days x 3 Hours)

Training Hours

18:00-21:00

Fee

Detaylı bilgi için arayınız.

Preliminary Information Form