
1,600

NX212 – Windows Forensics

Valid for 6 months

*Typical completion, beginning to end: 6-9 months, when studying regularly

Windows Forensics

Investigate Windows system incidents

Master the techniques and tools needed to conduct thorough forensic investigations in Windows environments.

Series

NX Defense

Program Code

NX212

Duration

Self-Paced*


What Our Clients Say

“Over 1000 of our students have been trained using ThinkCyber's Products and Services. The hands-on experience they gain from using the Cyberium Arena Simulator and Specto is invaluable and has been instrumental in their career progression”

— John Bryce Training Center, Israel

“The training was crucial, providing my team with a wealth of knowledge through hands-on experiences. This is why, throughout June 2023, we will be welcoming SOC analysts from across the nation to participate in the CACC (CERT-IL Advanced Cyber Training). This training, facilitated by ThinkCyber and utilizing the Cyberium simulator, will provide invaluable experience and knowledge upgrades.”

— Homeland Security

“Our students are getting excellent positions such as SOC Analysts, Network Security Engineers, Forensics and Penetration Testers thanks to the applicable and relevant hands-on cybersecurity skills they've acquired through ThinkCyber's solutions.”

— James Lim, CEO of Centre for Cybersecurity Institute, Singapore

“Exceptional course! I've attended numerous programs, but this outshines them all in every conceivable way: the comprehensive content, the expert guidance, the practical exercises, and the seamless organization of the entire course.”

— Defense Forces

Description

Ready to dive into digital forensics? This program teaches you the methodical approach to Windows system investigation. You'll learn to analyze digital evidence, from disk analysis to memory forensics, using professional tools like FTK and Volatility. Whether you're handling compromised systems or conducting routine analysis, you'll master the techniques needed for thorough digital investigations.

Program Recognition & Impact

Our Windows Forensics program delivers comprehensive investigation methodologies:

  • Built on professional digital forensics standards

  • Used in both government and corporate environments

  • Hands-on experience with industry-leading forensic tools

  • Develops systematic investigation capabilities

  • Prepares for real-world incident analysis

Real-World Training Environment

Through our Cyberium Arena learning platform, you'll conduct real forensic investigations:   

  • Work with actual disk images and system artifacts

  • Practice professional forensic tool usage

  • Analyze live memory dumps and system events

  • Investigate real malware behavior

  • Document findings using industry standards

What You Will Learn

Windows Forensics plays a crucial role in cybersecurity. Trainees will understand the data storage mechanisms of the Windows OS and acquire the skills to conduct investigations during and after cyber incidents.

WINDOWS FORENSICS
  • This module explores file and disk handling, encoding, and number systems, delving into digital sizes and SSD features. It includes hands-on training with a Hex Editor and teaches disk and file viewing techniques. The section proceeds to cover automatic carving, and methods to examine system files and metadata in Windows.

    • Files and Disks

    • Encoding

    • Number Systems

    • Digital Sizes

    • Solid State Drive (SSD) Features

    • Hex Editor

    • Working with Offsets

    • Viewing Files

    • Viewing Disks

    • Automatic Carving

    • Carving Methods

    • Automatic Carvers

    • Windows System Files

    • Metadata

    • Viewing Metadata

    • Modified Accessed Created

    • Editing Exif Data
       

  • This module delves into steganography, teaching how to identify, extract, and create hidden files. It transitions into hard disk analysis, focusing on system files and Master File Table (MFT) analysis. It also imparts hands-on experience with Forensic Toolkit (FTK), a crucial tool for digital forensics. This module equips learners with vital skills in data hiding and disk analysis.

    • Steganography

    • Identify Hidden Files

    • Extracting Hidden Files

    • Creating Hidden Files

    • Hard Disk Analysis

    • System Files

    • MFT Analysis

    • Working with FTK

  • This module delves into the analysis of digital artifacts. It focuses on registry analysis, including data extraction and examination of NTUSER.DAT files. The module concludes with techniques for conducting a general search and the use of registry viewers, thereby enhancing learners' understanding of digital artifact investigation.

    • Artifacts

    • Artifact Directories

    • Browsers

    • Shadow Copies

    • Registry Analysis

    • Extracting Data

    • NTUSER.DAT Analysis

    • General Search

    • Registry Viewers
       

  • This module delves into the complex realms of memory, event, network, and malware analysis. It imparts key skills for inspecting computer memory, investigating system events, analyzing network interactions, and examining malicious software, thereby equipping learners with critical abilities for cyber forensics investigations.

    • Memory Analysis

    • Creating an Image

    • Working with Volatility

    • Carving Data from RAM

    • Events Analysis

    • Event Viewers

    • Setting Audit Policy

    • Custom Search

    • Network Analysis

    • Service Protocol Analysis

    • Identifying Darknet Connections

    • Malware Analysis

    • Basic Static Analysis

    • Basic Dynamic Analysis
       
