This course covers
the identification and extraction of artifacts associated with the Microsoft
Windows operating system. Topics include the Change Journal, BitLocker, and a
detailed examination of the various artifacts found in each of the Registry hive
files. Students also examine Event Logs, Volume Shadow Copies, link files, and
thumbnails. This course uses a mixture of lecture, discussion, demonstration,
and hands-on exercises.
This is an advanced course,
intended for experienced digital forensic examiners with a solid understanding
of digital forensic principles.
NW3C recommends that students complete the following courses before
registering for Advanced Digital Forensic Analysis: Windows.
All classes are subject to
cancellation up to 45 days before the start of class if the minimum class
registration threshold is not met.