WinArt Class List
Cybercop 315 – Windows Artifacts
Back to all Computer Crime courses
PDF version of Course Description
This 5 day course begins with an introduction to the NT file system and the basic building blocks of the NT file system. Topical areas include metadata files, file attributes, dates and times, and the processes of saving and deleting files as well as recovering them. The students are then introduced to the identification and extraction of artifacts associated with Windows operating systems (XP through Windows 8) and the NT file system. Topical areas include named data streams, reparse points, encrypted objects, and a detailed examination of various registry artifacts to include mounted devices, the user assist key, security components and user specific information. Students will also examine event logs, volume shadow copy service, and thumbnails. The artifacts will be covered in a classroom and interactive setting which includes accessing suspect images in a virtual environment.
Prerequisites: This course requires the student have previous training in Cybercop 101 (BDRA) and Cybercop 201 (IDRA), or the equivalent and experience drawn from the application of the techniques utilized in the Cybercop 101 (BDRA)/Cybercop 201 (IDRA) training.
There are 5 WinArt classes currently scheduled.
| Date |
Length |
Location |
Instructor(s) |
Registration |
Addendum |
| Mon, Jun 24, 2013 |
5 Days |
Meriden, CT |
Joan Saltzman
Kurt Petro |
Request |
|
| Mon, Jul 22, 2013 |
5 Days |
Indianapolis, IN |
Jerry Jones
Joan Saltzman |
Request |
|
| Mon, Aug 19, 2013 |
5 Days |
Decatur, GA |
Kurt Petro
Tonia Wimberley |
Request |
|
| Mon, Sep 23, 2013 |
5 Days |
Bullhead City, AZ |
Not Yet Determined |
Request |
|
| Mon, Oct 28, 2013 |
5 Days |
San Jose, CA |
Jerry Jones |
Request |
|
Back to all Computer Crime courses