Learn how to build your lab, prepare resources and perform an in-depth, hands-on forensic investigation, from start to finish. The Practical Windows Forensics (PWF) is a self-study course that teaches how to perform a complete digital forensic investigation of a Windows system. Students will become familiar with the forensic process and a wealth of important Windows forensic artifacts, and will learn how to use many industry-recognized and freely available tools to perform forensic analysis.
- 11 hours of guided video content
- 80+ videos on-demand
- 100% hands-on
- Access for the lifetime of the course
- Learn to use the most important forensic tools in the industry
- Course support materials are public on our GitHub
- FREE Practical Windows Forensics Cheat Sheet
Key Takeaways:
What will You Learn?
- This course is based on experience that I wish I had known when I started working as a DFIR consultant
- You will learn how to prepare a target system that you will then investigate.
- We will conduct a forensic analysis from start to finish on a “compromised” Windows System following the forensic process by NIST.
- We’ll cover the fundamentals and internals of Windows systems that are important for performing forensic analysis.
- We’ll use industry-recognized tools that are freely available.
- Information aligns with industry-recognized standards, frameworks, and literature.
Who Should Take This Course:
- Beginners wanting to break into cyber security. This course is beginner friendly.
- SOC Analysts, Managers, DFIR consultants, Digital Forensics Specialists
- Junior and senior IT security staff.
- Red Teamers seeking to elevate their mastery
- Lawyers and Compliance professionals involved in cyber-related lawsuits
Student Provided Resources:
Prerequisites:
- VirtualBox hypervisor (VMware possible but not supported)
- Host system requirements:
  - 4GB+ RAM for running Windows VMs (There are two VMs, but they do not have to run at the same time)
  - Disk storage for 2 x Windows VMs using about 20GB and 40GB, respectively. Additionally, you’ll need around 30 GB for handling disk and memory images as well as additional files.
Instructor: Markus Schober
Course Length: 16 Hours
Tuition: Lifetime Access $575 USD
This page is for the On-Demand version of this course. Please check our Live Events Calendar for any live presentations of this class currently scheduled.
About Our On-Demand Courses…
Learn at your own pace with access to course content, lectures, and demos in the Antisyphon On-demand learning platform. Many courses are offered with lifetime access to the course and content updates. On-demand courses include content update alerts, access to dedicated support channels in the Antisyphon Discord server, a certificate of completion, and complimentary access to the Antisyphon Cyber Range*.
* Cyber Range access and other course features may vary from course to course. See the specific details for each course on its registration page.
Trainer & Author
Over the past decade Markus Schober has led numerous cyber security breach investigations for some of the largest organizations in the world, where he specialized in Incident Response and Digital Forensics. He also advised organizations on building cyber security programs and conducted training workshops for technical as well as executive audiences.
For many years he served as a manager and Principal Security Consultant at IBM X-Force Incident Response. He also has a background in software engineering in both the United States and Europe.
- Founder @ Blue Cape Security
- Consultant in Digital Forensics & Incident Response 6+ Years
- Software Engineer 5+ Years
- Master's Degree in Computer Sciences