Windows 11 Forensic Exploitation – (Live Remote) – Sept 2024
4-day Advanced Level Course
Course Overview
The Advanced Windows® 11 Forensic Exploitation analysis course is an expert-level week-long training event designed for examiners who are familiar with the principles of digital forensics and keen to expand their knowledge on advanced forensics using a host of third-party tools to improve their digital investigations techniques on the latest operating system from Microsoft.
Students will learn to use various applications and utilities to successfully identify, process, understand, and document numerous Windows® 11 artifacts that are vitally important to forensically examine the latest Microsoft operating system. The participant will gain knowledge on how to process the latest chromium Edge browser, deal with BitLocker encryption, analyze the new Windows® Photos app, examine Windows obscured apps, exploit the Windows Subsystem for Linux and Android, plus other Windows® 11 specific artifacts and review data in the newly updated Notepad application.
The course includes gaining in-depth knowledge in all aspects of Windows 11 virtualized security, plus learning of new Registry file functions and transaction logging, extraction of Microsoft 365 (Office 365) artifacts on Windows 11, and other core Windows artifacts will be examined and analyzed then concluding with an in-depth look at OneDrive off-line storage and synchronization processes between trusted devices the user account has authenticated to. SQLite forensics plays a major role in the analysis of data therefore students will gain detailed knowledge in scripting and data exploitation.
Students will use a variety of open source and leading forensic applications to examine key artifacts through multiple hands-on labs and student practical’s.
Course Highlights
Learn to use various applications and utilities to successfully identify, understand and document numerous Windows® 11 artifacts that are vitally important to forensic Examinations.
Learn how to process core system artifacts including SQLite Database analysis, and other new Windows®11 specific applications.
Gain in-depth knowledge of Windows OneDrive synchronization and how data is shared between trusted devices.
Unbiased use a variety of open source and leading forensic applications to examine key artifacts through multiple hands-on labs and practical’s.
The course will follow adult learning principles through training aids such as presentations, diagrams and practical instructor lead examples. Each artifact covered will be presented in either one or two 50-minute sessions followed by review questions. Students will be given the opportunity throughout the course to ask questions and discuss objectives covered in more detail. Throughout each day students will have practical exercises to work on in order to reinforce the topics.
Course Trainer
ROB ATTOE
Rob is the CEO and Founder of Spyder Forensics. He has over two decades of experience developing and presenting training on Digital Forensics, Cyber Security, Mobile Forensics, and eDiscovery education programs for the global digital investigations community.As a lifetime member of the International Association of Computer Investigative Specialists (IACIS), Rob instructs regularly at the association’s annual conferences and is a lead instructor for several advanced courses as well as regularly presenting at the premier international digital forensics conferences. Rob has contributed to digital forensic publications and is a subject matter expert in various courses for the ATA program managed by the State Department in the USA.
Course Cost: USD $2,595
Participants will receive
4-Days of Instruction
Course Manual
Practical Files
Attendance Certificate