Windows Forensic Analysis is constantly progressing. If you have been doing digital forensics for the past few years and haven’t been able to keep your skills up to date, FOR500 Windows Forensic Analysis will bring your skills up to date. Do you know what a shell item is and why it is important to proper windows digital artifact analysis? Have you ever heard of the SRUM database and what it could mean in attempting to track individuals stealing data from your organizations? The latest evidence of execution artifacts such as ShimCache and AmCache registry hive files are critical to proving certain programs are executed. Even more so, Windows operating systems synchronize a lot of the data stored on the OS across multiple devices without you knowing about it. Completely updated through Windows 10 the new FOR500: Windows Forensics course is not an introduction to forensics class but focuses completely on artifacts that will help you solve the most complex investigations.
-
Extract Common Windows Forensic Artifacts with ArtifactExtractor
ArtifactExtractor is a script that extracts common Windows artifacts from source images an… -
Open Sourcing JA3: SSL/TLS Client Fingerprinting for Malware Detection
A JA3 hash represents the fingerprint of an SSL/TLS client application as detected via a n… -
Amcache and USB Device Tracking
Jason Hale has published an interesting post on how to use the amcache to track USB device…
Load More Related Articles
-
Digital Forensics and Incident Response (DFIR) for ICS Embedded Devices
Chris Sistrunk of Mandiant shows tools and tips on the very new field of DFIR for PLC̵… -
Introduction to Redline
As a continuation of the “Introduction to Memory Forensics” series, Richard Davis taking a… -
Cloud attacks illustrated: How unique insights from Microsoft help you defend against attacks
The threat landscape is rapidly evolving, making it hard for most organizations to keep pa…
Load More In Videos
