Windows 11 Forensic Exploitation – October 2024 – Live On-site – Singapore
Advanced Training
Course Overview
The Advanced Windows® 11 Forensic Exploitation Analysis course offers expert-level training over the span of 4-days, tailored for digital examiners already well-versed in the fundamentals of digital forensics. This intensive program delves into advanced forensic techniques using an array of third-party tools, specifically honing in on the latest features of Microsoft’s operating system.
Throughout the course, participants will master the utilization of various applications and utilities crucial for the identification, processing, comprehension, and documentation of key Windows® 11 artifacts essential for comprehensive digital investigations. Topics covered include navigating the intricacies of chromium-based browsers, decrypting BitLocker encryption, analyzing newly-introduced Windows® apps, dissecting obscured application data, leveraging the Windows Subsystem for Linux, Sandbox and Android, and scrutinizing other Windows® 11 specific artifacts. Additionally, students will explore methodologies for reviewing data distributed across multiple locations.
This comprehensive curriculum extends beyond surface-level understanding, offering deep insights into Windows 11 virtualized security measures, alongside comprehensive exploration of new Registry file functionalities and transaction logging. Core Windows artifacts will undergo thorough examination and analysis. The course culminates with an extensive exploration of OneDrive offline storage and synchronization processes across authenticated devices, shedding light on critical aspects of data management.
Of particular importance is the emphasis on SQLite forensics, pivotal in data analysis. Students will acquire detailed proficiency in scripting and data exploitation, enhancing their investigative capabilities. By the end of the course, participants will have acquired advanced skills and a nuanced understanding of Windows® 11 forensic exploitation, empowering them to tackle complex digital investigations with confidence and precision.
Students will use a variety of open source and leading forensic applications to examine key artifacts through multiple hands-on labs and student practicals.
Course Highlights
Learn to use various applications and utilities to successfully identify, understand and document numerous Windows® 11 artifacts that are vitally important to forensic Examinations.
Learn how to process core system artifacts including SQLite Database analysis, and other new Windows®11 specific applications.
Gain in-depth knowledge of Windows OneDrive synchronization and how data is shared between trusted devices.
Unbiased use a variety of open source and leading forensic applications to examine key artifacts through multiple hands-on labs and practical’s.
The course will follow adult learning principles through training aids such as presentations, diagrams and practical instructor lead examples. Each artifact covered will be presented in either one or two 50-minute sessions followed by review questions. Students will be given the opportunity throughout the course to ask questions and discuss objectives covered in more detail. Throughout each day students will have practical exercises to work on in order to reinforce the topics.
What you will need:
Spyder Forensics will provide a training environment, student laptop to use throughout the course and all software used throughout the week.
What you will receive:
Printed course manual · Student USB · Access to the Spyder Forensics Academy · Course certificate