Practical Windows Forensics Course Review

Introduction

Practical Windows Forensics is an eleven-hour course that teaches students about digital forensics while walking them through an investigation of a compromised Windows system. It was designed by Markus Schober and is available through TCM Security.

The Course

Markus guides you through the entire digital forensics process, from data acquisition to final reporting. The instructions are straightforward and he does an exceptional job explaining the different topics covered.

Some of the tasks in the course include:

  • Configuring your forensic and compromised workstations.
  • Executing a simulated attack scenario.
  • Collecting and extracting data from the physical disk and memory of the target system.
  • Examining and uncovering artifacts from the disk and captured memory.
  • Generating timelines of the events that occurred.

This course covers essential artifacts that are critical for any digital forensic examiner to understand, such as the MFT, the USN Journal, the Registry, ShellBags, Amcache, Event Logs, and more.

You’ll also get experience using Eric Zimmerman tools, KAPE, Volatility3, RegRipper, and other tools that are commonly used by examiners during an investigation.

Upon successful completion of the course, you will be able to download a certificate as proof of completion.

Summary

Overall, the course provides an interactive and practical approach to learning the basics of digital forensics and incident response (DFIR). It is an excellent starting point for those considering a career in this field.