Windows Forensic Analysis is constantly progressing. If you have been doing digital forensics for the past few years and haven’t been able to keep your skills up to date, FOR500 Windows Forensic Analysis will bring your skills up to date. Do you know what a shell item is and why it is important to proper windows digital artifact analysis? Have you ever heard of the SRUM database and what it could mean in attempting to track individuals stealing data from your organizations? The latest evidence of execution artifacts such as ShimCache and AmCache registry hive files are critical to proving certain programs are executed. Even more so, Windows operating systems synchronize a lot of the data stored on the OS across multiple devices without you knowing about it. Completely updated through Windows 10 the new FOR500: Windows Forensics course is not an introduction to forensics class but focuses completely on artifacts that will help you solve the most complex investigations.
-
CCF-VM 2.1 has been released
CyLR CDQR Forensics Virtual Machine (CCF-VM) by Alan Orlikoski has been updated to version… -
Scanning Memory with Yara
Memory analysis has been successfully utilized to detect malware in many high profile case… -
The Sleuth Kit 4.4.2 and Autopsy 4.4.1 have been released
New versions of your favourite open source DFIR tools – the Sleuth Kit and Autopsy, …
Load More Related Articles
-
Windows MACB Timestamps (NTFS Forensics)
As a continuation of the “Introduction to Windows Forensics” series by Richard… -
Amazon Alexa, Are You Skynet?
This is not yet another internet of things presentation. This talk will discuss the resear… -
An Academic’s View to Incident Response
Here is a talk by Martin Schmiedecker from SHA2017 on incident response: SHA2017 is a non …
Load More In Videos
