This course is funded
through OJJDP. To register, you must be affiliated with an ICAC Task Force. Furthermore,
you must agree to comply with the ICAC Operational and Investigative Standards. Please
contact your ICAC task force commander if you have any questions about
This course covers the identification and extraction of
artifacts associated with the Microsoft® Windows® operating system. Topics include the change journal,
and a detailed examination of the various
artifacts found in each of the Registry hive files. Students also examine
Event Logs, Volume Shadow Copies, link files, and jump lists. This
course uses a mixture of lecture, discussion, demonstration, and hands-on
Key concepts covered in this course include:
• The registry
• Mounted devices
• Change journal
Excel Office 365 recommended, versions 2010 and
newer will be functional.
This is an advanced course,
intended for experienced digital forensic examiners with a solid understanding
of digital forensic principles.
NW3C recommends that students complete the following courses before
registering for Advanced Digital Forensic Analysis: Windows:
All classes are subject to
cancellation up to 45 days before the start of class if the minimum class
registration threshold is not met.