Practical Windows Forensics with Markus Schober
Overview
- Course Length: 16 hours
- Support from expert instructors
- Includes certificate of completion
- 12 months access to Cyber Range
Learn how to build your lab, prepare resources and perform an in-depth, hands-on forensic investigation, from start to finish.
The Practical Windows Forensics (PWF) is a self study course that teaches how to perform a complete digital forensic investigation of a Windows system. Students will become familiar with the forensic process, a wealth of important Windows forensic artifacts as well as learn how to use many industry-recognized and freely available tools to perform forensic analysis.
- 11 hours of guided video content
- 80+ videos on-demand
- 100% hands-on
- Access for the lifetime of the course
- Learn to use the most important forensic tools in the industry
- Course support materials are public on our Github
- FREE Practical Windows Forensics Cheat Sheet
Key Takeaways
- This course is based on experience that I wish I had known when I started working as a DFIR consultant
- You will learn how to prepare a target system that you will then investigate
- We will conduct a forensic analysis from start to finish on a “compromised” Windows System following the forensic process by NIST
- We’ll cover the fundamentals and internals of Windows systems that are important for performing forensic analysis
- We’ll use industry recognized tools that are freely available
- Information aligns with industry-recognized standards, frameworks, and literature
Who Should Take This Course
- Beginners wanting to break into cyber security. This course is beginner friendly
- SOC Analysts, Managers, DFIR consultants, Digital Forensics Specialists
- Junior and senior IT security staff
- Red Teamers seeking to elevate their mastery
- Lawyers and Compliance professionals involved in cyber-related lawsuits
- VirtualBox hypervisor (VMWare possible but not supported)
- Host system requirements:
- 4GB+ RAM for running Windows VMs (There are two VMs, but they do not have to run at the same time)
- Disk storage for 2 x Windows VMs using about 20GB and 40GB, respectively
- Around 30 GB for handling disk and memory images as well as additional files
There are no scheduled live dates for this course at this time. Private training may be available.
On Demand Training
-
Train at your own pace with no set course schedule
-
Access to all course resources, including slides and VMs
-
Subject Matter Expert support through Discord
- Tips, tools, and techniques that can be applied immediately upon returning to work
- Strengthen your skills by solving challenges within the Antisyphon Cyber Range
- Become part of a community driven to educate and share knowledge