This course is funded
through OJJDP. To register, you must be affiliated with an ICAC Task Force. Furthermore,
you must agree to comply with the ICAC Operational and Investigative Standards. Please
contact your ICAC task force commander if you have any questions about
these standards. Course
description This course covers the identification and extraction of
artifacts associated with the Microsoft® Windows® operating system. Topics include the change journal,
BitLocker® ,
and a detailed examination of the various
artifacts found in each of the Registry hive files. Students also examine
Event Logs, Volume Shadow Copies, link files, and jump lists. This
course uses a mixture of lecture, discussion, demonstration, and hands-on
exercises. Key concepts covered in this course include:
• The registry
• Shellbags
• Mounted devices • Change journal • Prefetch
Excel Office 365 recommended, versions 2010 and
newer will be functional. Recommended skills This is an advanced course,
intended for experienced digital forensic examiners with a solid understanding
of digital forensic principles. NW3C recommends that students complete the following courses before
registering for Advanced Digital Forensic Analysis: Windows: Cancellation All classes are subject to
cancellation up to 45 days before the start of class if the minimum class
registration threshold is not met. |
BYOD Course This is a BYOD (bring your own device) course. You will use your own laptop computer for all in-class
exercises. Computer Requirements The hands-on practical exercises are
intensive, critical to understanding the material being taught, and required to
successfully complete the class. If your computer hardware does not meet the
mandatory requirements listed below, your experience in taking the class will be
less than ideal and may also impact other students while the instructors take
time to troubleshoot hardware and software problems.
Mandatory Operating System Requirements •Operating system.Your computer must be running Microsoft Windows 10 or macOS v10.12 or
later. Make sure your operating system is fully updated prior to class. •Smartphones and tablets are
prohibited. • Local
administrator access is required. If you do not have administrative rights,
you
will not be able to successfully complete the class. Prior to class, please
check with your IT department to install the required software. •
Disconnect your VPN . Disconnect
your work virtual private network (VPN). Being connected to the Internet through
a VPN can block access to the virtual lab environment.
Mandatory Software Requirements •
Citrix Workspace
App. Required to access our virtual lab environment and to
complete the required hands-on practical exercises. •
Google Chrome.
The recommended browser to launch our virtual lab environment. •
Webex
Meetings. Required to enter our live online training environment, Webex Training
Center. • Webex Chrome Extension.
Required to launch our live online training environment, Webex Training Center,
and works hand-in-hand with the Webex Meetings application. *Your attendance
at this course is conditional upon your compliance with CDC, state, and local
guidance regarding COVID-19 prevention. While CDC, state, and local guidance is
designed to reduce the rate of COVID-19 infections, nothing can eliminate your
risk of contracting COVID-19 or one of its variants. By attending this class,
you acknowledge that you understand and are assuming the risk of contracting
COVID-19. Due to the rapidly changing nature of COVID-19 guidance, infection
rates, and safety standards, this class may be rescheduled or cancelled on short
notice. |