This training is intended for U.S. Criminal Justice
Practitioners. Please register using your agency-issued email.
This course covers the identification and extraction of
artifacts associated with the Microsoft® Windows® operating system. Topics include the change journal,
and a detailed examination of the various
artifacts found in each of the Registry hive files. Students also examine
Event Logs, Volume Shadow Copies, link files, and jump lists. This
course uses a mixture of lecture, discussion, demonstration, and hands-on
Key concepts covered in this course include:
• The registry
• Mounted devices
• Change journal
Excel Office 365 recommended, versions 2010 and
newer will be functional.
This is an advanced course,
intended for experienced digital forensic examiners with a solid understanding
of digital forensic principles.
NW3C recommends that students complete the following courses before
registering for Advanced Digital Forensic Analysis: Windows:
All classes are subject to
cancellation up to 45 days before the start of class if the minimum class
registration threshold is not met.