Practical Windows Forensics with Markus Schober

Learn how to build your lab, prepare resources and perform an in-depth, hands-on forensic investigation, from start to finish.

On-Demand $575.00

Course Length: 16 Hours

Includes a Certificate of Completion

Enroll Now

Next scheduled date: Notify me when available

Description

Learn how to build your lab, prepare resources and perform an in-depth, hands-on forensic investigation, from start to finish.

The Practical Windows Forensics (PWF) is a self study course that teaches how to perform a complete digital forensic investigation of a Windows system. Students will become familiar with the forensic process, a wealth of important Windows forensic artifacts as well as learn how to use many industry-recognized and freely available tools to perform forensic analysis.

11 hours of guided video content
80+ videos on-demand
100% hands-on
Access for the lifetime of the course
Learn to use the most important forensic tools in the industry
Course support materials are public on our Github
FREE Practical Windows Forensics Cheat Sheet

Student Requirements
- VirtualBox hypervisor (VMWare possible but not supported)
Host System Requirements
- 4GB+ RAM for running Windows VMs (There are two VMs, but they do not have to run at the same time)
- Disk storage for 2 x Windows VMs using about 20GB and 40GB, respectively
- Around 30 GB for handling disk and memory images as well as additional files

FAQ

Key Takeaways

• This course is based on experience that I wish I had known when I started working as a DFIR consultant
• You will learn how to prepare a target system that you will then investigate
• We will conduct a forensic analysis from start to finish on a “compromised” Windows System following the forensic process by NIST
• We’ll cover the fundamentals and internals of Windows systems that are important for performing forensic analysis
• We’ll use industry recognized tools that are freely available
• Information aligns with industry-recognized standards, frameworks, and literature

Who Should Take This Course

• Beginners wanting to break into cyber security. This course is beginner friendly
• SOC Analysts, Managers, DFIR consultants, Digital Forensics Specialists
• Junior and senior IT security staff
• Red Teamers seeking to elevate their mastery
• Lawyers and Compliance professionals involved in cyber-related lawsuits

About the Instructor

Markus Schober

"I run a blue team training company"

Bio

Markus Schober is the founder of a blue team training and consulting company named Blue Cape Security. Prior to that, he served as a manger and Principal Security Consultant at IBM X-Force Incident Response. Over the past decade he has led numerous cyber security breach investigations for major organizations, where he specialized in Incident Response, Digital Forensics and Crisis Management.

Register for Upcoming

Filter by Product Date
Filter by Product Instructor
- Markus Schober
Filter by Product Type
- On-Demand