top of page
ThinkCyber Innovations Wide White

1,600

NX212 – Windows Forensics

Valid for 6 months

Organizations: Contact us for enterprise solutions and volume pricing.

Windows Forensics

Investigate Windows system incidents

Master professional forensics techniques to analyze system artifacts, collect digital evidence, and conduct thorough investigations in Windows environments.

Series

NX Defense

Program Code

NX212

Level

Level-3

Organizations: Contact us for enterprise solutions and volume pricing.

What Our Clients Say

John Bryce.jpg
“Over 1000 of our students have been trained using ThinkCyber's Products and Services. The hands-on experience they gain from using the Cyberium Arena Simulator and Specto is invaluable and has been instrumental in their career progression”

— John Bryce Training Center, Israel

HLS Testomonial.jpg
“The training was crucial, providing my team with a wealth of knowledge through hands-on experiences. This is why, throughout June 2023, we will be welcoming SOC analysts from across the nation to participate in the CACC (CERT-IL Advanced Cyber Training). This training, facilitated by ThinkCyber and utilizing the Cyberium simulator, will provide invaluable experience and knowledge upgrades.”

— Homeland Security

James CFC Testimonial.jpg
“Our students are getting excellent positions such as SOC Analysts, Network Security Engineers, Forensics and Penetration Testers thanks to the applicable and relevant hands-on cybersecurity skills they've acquired through ThinkCyber's solutions.”

— James Lim, CEO of Centre for Cybersecurity Institute, Singapore

Army Testimonial.jpg
“Exceptional course! I've attended numerous programs, but this outshines them all in every conceivable way: the comprehensive content, the expert guidance, the practical exercises, and the seamless organization of the entire course.”

— Defense Forces

Description

Dive into digital forensics with a comprehensive approach to Windows system investigation. From disk analysis to memory forensics, you'll learn to handle digital evidence like a professional. Using industry-standard tools like FTK and Volatility, you'll master the methodologies needed for thorough incident investigations and artifact analysis.

Most students complete this course in 10 to 12 weeks when studying regularly.

Program Impact & Outcomes

After completing this course, you will:

  • Master disk analysis and file system forensics

  • Conduct thorough memory analysis

  • Extract and analyze digital artifacts

  • Investigate system events and malware

  • Document findings to professional standards

  • Handle evidence with forensic precision

Real-World Training Environment

From day one, you will:

  • Work with professional forensic tools

  • Analyze real disk and memory artifacts

  • Practice evidence collection methods

  • Investigate live system events

  • Document findings using industry standards

  • Build hands-on investigation skills

What You Will Learn

Windows Forensics plays a crucial role in cybersecurity. Trainees will understand the data storage mechanisms of the Windows OS and acquire the skills to conduct investigations during and post cyber incidents.

WINDOWS FORENSICS

  • This module explores file and disk handling, encoding, and number systems, delving into digital sizes and SSD features. It includes hands-on training with a Hex Editor and teaches disk and file viewing techniques. The section proceeds to cover automatic carving, and methods to examine system files and metadata in Windows.

    • Files and Disks

    • Encoding

    • Number Systems

    • Digital Sizes

    • Solid State Drive (SSD) Features

    • Hex Editor

    • Working with Offsets

    • Viewing Files

    • Viewing Disks

    • Automatic Carving

    • Carving Methods

    • Automatic Carvers

    • Windows System Files

    • Metadata

    • Viewing Metadata

    • Modified Accessed Created

    • Editing Exif Data
       

  • This module delves into steganography, teaching how to identify, extract, and create hidden files. It transitions into hard disk analysis, focusing on system files and Master File Table (MFT) analysis. It also imparts hands-on experience with Forensic Toolkit (FTK), a crucial tool for digital forensics. This module equips learners with vital skills in data hiding and disk analysis.

    • Steganography

    • Identify Hidden Files

    • Extracting Hidden Files

    • Creating Hidden Files

    • Hard Disk Analysis

    • System Files

    • MFT Analysis

    • Working with FTK

  • This module delves into the analysis of digital artifacts. It focuses on registry analysis, including data extraction and examination of NTUSER.DAT files. The module concludes with techniques for conducting a general search and the use of registry viewers, thereby enhancing learners' understanding of digital artifact investigation.

    • Artifacts

    • Artifact Directories

    • Browsers

    • Shadow Copies

    • Registry Analysis

    • Extracting Data

    • NTUSER.DAT Analysis

    • General Search

    • Registry Viewers
       

  • This module delves into the complex realms of memory, event, network, and malware analysis. It imparts key skills for inspecting computer memory, investigating system events, analyzing network interactions, and examining malicious software, thereby equipping learners with critical abilities for cyber forensics investigations.

    • Memory Analysis

    • Creating an Image

    • Working with Volatility

    • Carving Data from RAM

    • Events Analysis

    • Event Viewers

    • Setting Audit Policy

    • Custom Search

    • Network Analysis

    • Service Protocol Analysis

    • Identifying Darknet Connections

    • Malware Analysis

    • Basic Static Analysis

    • Basic Dynamic Analysis
       

bottom of page