Digital Forensic - Windows Investigation

This course has been designed for the forensic investigation of Windows machines after a security incident. It equips students to gather forensic evidence from a target machine using a range of tools and technologies.

Prerequisites: Knowledge of the different versions of the Windows operating system.

Below is the detailed courseware syllabus:

| Module | Topic | Subtopics |
|---|---|---|
| 1 | Introduction to Computer Forensics | Preparing for an Incident and the Forensics Process; Forensic Lab Environment Preparation; Forensic Investigation Techniques |
| 2 | Microsoft Windows System Analysis | Windows File System; Windows Artifacts |
| 3 | Forensically Sound Evidence Collection | Collecting Evidence from a Single System; Collecting Evidence Remotely |
| 4 | Understanding File Systems and Hard Disks | Types of Disk Drives and Hard Disks; Understanding File Systems and the Windows Boot Process; Registry Data and Windows System Files |
| 5 | Windows Forensics (Volatile Information) | System Time; Logged-on Users; Open Files; NetBIOS Name Table Cache; Network Connections; Process Information / Process-to-Port Mapping; Network Status; Clipboard Contents; Service / Driver Information; Command History; Mapped Drives; Shares |
| 6 | Windows Forensics (Non-Volatile Information) | Examining File Systems; Registry Settings; Event Logs; Index.dat File; Connected Devices; Slack Space; Windows Search Index; Hidden Partitions and Hidden ADS |
| 7 | Windows Memory Analysis | Need for a Memory Dump and the Process Creation Mechanism; Extracting the Process Image and Collecting Process Memory |
| 8 | Windows Registry | Registry Structure within a Hive File; Registry Analysis; System Information |
| 9 | MD5 Calculation | MD5 Algorithm and Secure Hash Signature Generator; MD5 Checksum Verifier |
| 10 | File Signature Analysis | NTFS Alternate Data Streams; Creating, Enumerating and Deleting ADSs; Metadata; Types of Metadata; Viewing Metadata |
| 11 | Data Acquisition and Duplication | Data Acquisition Methods; Static Acquisition; Live Acquisition; Remote Acquisition; Forensic Duplication of Data |
| 12 | Analyzing Network Traffic and Investigating Logs | |
| 13 | Password Cracking | Understanding Windows Password Storage; Cracking Windows Passwords Stored on Running Systems; Cracking Offline Passwords; Application Password Crackers |
| 14 | Recovery of Data | Recovering Deleted Data / Partitions; Recovering Formatted Data |
| 15 | Documentation & Reports | Documenting the Investigation; Computer Forensic Report |
| 16 | Live Project | |