Windows Artifacts Foundations

24 Hours / 3-Day

Be introduced to the many forensically relevant items stored on a Windows-based system through user interaction and host operating system functionality.

Inquire

Operating Systems Overview

  • Learn to identify the core features of each NT Operating System
  • List the key artifacts contained in modern operating systems
  • Identify and review common folders on an NT Operating System.

Windows® System Artifacts

  • Describe the purpose of User Account Control
  • Discuss the forensic importance of Windows Prefetch and Superfetch
  • Learn how to examine ShadowCopies
  • Examine the function and forensic importance of the Recycle Bin.

Introduction to the Windows® Registry

  • Define the Windows Registry
  • Discuss Forensic benefits of examining the Registry
  • Recovering evidentially relevant data from the following registry files:
    • SAM
    • SYSTEM
    • SOFTWARE
    • NTUSER.DAT

Windows® Shortcuts

  • Introduction to Windows Shortcuts
  • Examine Link File Anatomy
  • Introduction to Jump Lists and analysis.

Thumbnail Caching

  • Learn of the functions Windows uses to cache thumbnail images
  • Discuss user interaction characteristics
  • Examine the internal structure of each cached database.

Windows® Start Screen Examination

  • Describe the purpose of Windows Immersive Applications
  • Examine how the Live Tiles cache data
  • Explore the storage areas for Immersive Applications.
  • Introduction to ESE Database analysis

Browser Examination

  • Introduction to browser forensics
    • Discuss common features of all browsers
  • Examination of data storage locations and artifacts of forensic interest
  • Introduction to Chromium-based browser artifacts
    • Examine storage locations
    • Learn of travel logs and their examination
    • Discuss the implications of InPrivate browsing
  • Introduction to the Cortana digital assistant

 

Prerequisites

To get the most out of this class, you should:

  • Have 6 months experience of forensic examinations
  • Be familiar with Windows Operating systems.

Request the Syllabus

Contact Spyder Forensics for more details of the course..

Hosting Courses

If you are interested in hosting this, or any of our courses at your facility, contact us.

Ready to get started?

CONTACT US