Description

Computer forensics is a skill that is widely in demand and with good reason. As organizations obtain more visibility into their environments, more compromises are detected and the need to determine what happened grows.  This course is an introduction into Microsoft Windows computer forensics. Students are taught how to analyze the file system, the registry, event logs, malware, memory, and much more. Each section contains a lab which reinforces the concepts, techniques, and tools taught during the class using real-world examples of compromised systems. At the end of the course, students will have a solid foundational knowledge of Windows computer forensics and will be able to analyze a system to determine what an attacker did on it. PREREQUISITE: Students will be required to utilize their own laptops for the class. Laptops should have virtual machine software that is capable of snapshots, as well as a Windows virtual machine installed. Additional requirements will be sent out prior to the class.