Windows Forensic Analysis is constantly progressing. If you have been doing digital forensics for the past few years and haven’t been able to keep your skills up to date, FOR500 Windows Forensic Analysis will bring your skills up to date. Do you know what a shell item is and why it is important to proper windows digital artifact analysis? Have you ever heard of the SRUM database and what it could mean in attempting to track individuals stealing data from your organizations? The latest evidence of execution artifacts such as ShimCache and AmCache registry hive files are critical to proving certain programs are executed. Even more so, Windows operating systems synchronize a lot of the data stored on the OS across multiple devices without you knowing about it. Completely updated through Windows 10 the new FOR500: Windows Forensics course is not an introduction to forensics class but focuses completely on artifacts that will help you solve the most complex investigations.
-
Cloud Forensics: Box
It seems we really enjoy forensicating desktop apps for cloud services. Last week we start… -
The Magic of Raw Data Carving
You have used all of the utilities in your expensive forensic suite, and other programs to… -
Invoke-Adversary – Simulating Adversary Operations
Invoke-Adversary is a PowerShell script that helps you to evaluate security products and m…
Load More Related Articles
-
Introduction to USB Detective
This video is the next episode of “Introduction to Windows Forensics” series b… -
Forensic Lunch with Maxim Suhanov
This time the “Forensic Lunch” with David Cowen meets Maxim Suhanov – di… -
Volatility Profiles and Windows 10
As of the recording of this video, the current version of Volatility is 2.6; however, even…
Load More In Videos