Professional & dedicated training programs
This hands-on course is designed for examiners with solid computer skills, seeking to learn advanced concepts in analysing Windows artifacts.
Main components of the course:
- Examination of the Microsoft Windows Registry
- The use of block-based file hash analysis for file recovery
- Examination of Volume Shadow Copy (VSC) data maintained by the Windows Volume Shadow Service (VSS)
- Examination and recovery of Windows event logs
- Hardware and software RAID technology, acquisition, and examination
- Understanding SQLite databases and querying their data
- Recovering deleted SQLite data
- The purpose and function of prefetch files and how to analyse them
- Principles of encrypted data recovery
- Various techniques on the examination of RAM
- Low-level data recovery from Zip files and the latest version of Microsoft Word documents
DATE AND TIME
The online classes take place regularly.
Also available: on-demand classes with flexible time management.
For dates and times please contact us!
All participants will receive official certification from OpenText and 32 CPE Credits after successfully completing the course.
A basic understanding of the concepts of computer forensics is required. The class curriculum builds upon the foundation of the course DF320-Building an Investigation.
- Know advanced concepts for the analysis of Windows artifacts
- Know the parsing and analysing techniques for Registry files, Volume Shadow Service, RAM, zip files, prefetch and SQLite contents.
Here you have the opportunity to register for the current training. Or contact us for more information.