Practical Windows Forensics with Markus Schober

Overview
- Course Length: 16 hours
- Support from expert instructors
- Includes certificate of completion
- 12 months access to Cyber Range
Learn how to build your lab, prepare resources and perform an in-depth, hands-on forensic investigation, from start to finish.
Practical Windows Forensics (PWF) is a self-study course that teaches how to perform a complete digital forensic investigation of a Windows system. Students will become familiar with the forensic process and a wealth of important Windows forensic artifacts, and will learn how to use many industry-recognized and freely available tools to perform forensic analysis.
- 11 hours of guided video content
- 80+ videos on-demand
- 100% hands-on
- Access for the lifetime of the course
- Learn to use the most important forensic tools in the industry
- Course support materials are public on our Github
- FREE Practical Windows Forensics Cheat Sheet
Blue Team Summit (Aug 28th – Aug 29th, 2025)
- August 28th – 9:00 AM to 6:00 PM EDT
- August 29th – 9:00 AM to 6:00 PM EDT
Key Takeaways
- This course is based on experience that I wish I had known when I started working as a DFIR consultant
- You will learn how to prepare a target system that you will then investigate
- We will conduct a forensic analysis from start to finish on a “compromised” Windows System following the forensic process by NIST
- We’ll cover the fundamentals and internals of Windows systems that are important for performing forensic analysis
- We’ll use industry recognized tools that are freely available
- Information aligns with industry-recognized standards, frameworks, and literature
Who Should Take This Course
- Beginners wanting to break into cyber security. This course is beginner friendly
- SOC Analysts, Managers, DFIR consultants, Digital Forensics Specialists
- Junior and senior IT security staff
- Red Teamers seeking to elevate their mastery
- Lawyers and Compliance professionals involved in cyber-related lawsuits
- VirtualBox hypervisor (VMware possible but not supported)
- Host system requirements:
  - 4GB+ RAM for running Windows VMs (There are two VMs, but they do not have to run at the same time)
  - Disk storage for 2 x Windows VMs using about 20GB and 40GB, respectively
  - Around 30 GB for handling disk and memory images as well as additional files
Live Training
- Collaborative interaction with Instructor and fellow students through the Antisyphon Discord class channel
- Access to course slides for future reference
- Tips, tools, and techniques that can be applied immediately upon returning to work
- Strengthen your skills by solving challenges within the Antisyphon Cyber Range
- Become part of a community driven to educate and share knowledge
On Demand Training
- Train at your own pace with no set course schedule
- Access to all course resources, including slides and VMs
- Subject Matter Expert support through Discord
- Tips, tools, and techniques that can be applied immediately upon returning to work
- Strengthen your skills by solving challenges within the Antisyphon Cyber Range
- Become part of a community driven to educate and share knowledge