BlackBag Windows Forensic Investigations - Live Online**EST**

Date: 14 - 17 Apr 2020 Days: Tue-Fri Hours: 9:00 AM - 5:00 PM (timezone America/New_York)
Course type: Live Online
Region: North America
Location: Live online
Enroll by: 14 Apr 2020
Log in to see the options to register for this course. If you do not already have an account, create your FREE account. Creating an account does not obligate you to enroll or pay for classes.

About this course

Take your Windows forensic skills to the investigative level and sharpen your analysis skills with an in-depth understanding of Windows-based evidence. Examiners will learn detailed knowledge of Windows-based file systems, operating system, user, and application artifacts. Windows 10 artifacts will also be scrutinized along the way providing more evidence to bolster your cases. 

Discover how the file systems functions and what the structures of artifacts store so you can insightfully choose what to examine and be in charge of the steps you take towards a higher-level investigative analysis. 

Learning objectives

The solid curriculum also features analysis techniques of Windows Registry, system data, log files, journals, Windows Users, link and jump files, prefetch, volume shadow copies, compressed archives, volatile data, and much more. 

Attendees will learn to 

  • Recover evidence pertaining to user actions, attached devices, files and folders accessed, application utilized, user settings amongst many other things.
  • Learn how BlackLight’s powerful evidence parsing and artifact support works to provide efficiency and a comprehensive evidence assessment.
  • Excel your examinations to an investigative interrogation of your evidence to drive your cases to new distances.