• Classroom
Course Description

Getting Started in Windows Forensics Analysis Learn how to conduct in-depth forensic analysis of Windows 7 and Windows 10 operating systems. Computer Forensics Examiner Training focuses on the forensics process and identifying artifacts that prove evidence of: Application execution File access External device usage Cloud services File download Detailed system usage Data theft _This course will introduce you to ILOOKix, one of the most advanced forensic suites on the market. Until recently ILooKix was only available to law enforcement, intelligence agencies and other government agencies. Now available to the public, ILOOKix v.10 uses advanced technologies to uncover the most digital evidence, using patented data recovery techniques unmatched by any other forensic suite on the market.

Learning Objectives

In this course, you will identify, preserve, extract, analyze, and report data from digital media. You will learn the skills needed to perform a computer forensics examination and become a Certified Computer Forensic Examiner. The concepts taught in this course provide the necessary foundation to conduct computer forensics and can be applied to any digital forensics product either open source or paid forensics tools. The concepts you will learn are independent of the forensic tool used for examination. Students completing this course will:

  • Define the forensics process
  • Explain basic forensic concepts
  • Disk partitioning & Dat Stoage
  • File systems & Registry
  • Allocated & Unallocated Space
  • Volume Shadow Snapshots
  • Indexing & Hashing
  • Master File Table
  • Encrypted File System
  • Recycle Bin, LNK Files, NK2 and more
  • Conduct an examination of a forensic image of a Windows operating system
  • Understand the Windows operating system
  • Identify e-mail and web related data
  • Understand Windows system files
  • Create a case report and interpret data found during the examination

     

Framework Connections

The materials within this course focus on the Knowledge Skills and Abilities (KSAs) identified within the Specialty Areas listed below. Click to view Specialty Area details within the interactive National Cybersecurity Workforce Framework.

Feedback

If you would like to provide feedback for this course, please e-mail the NICCS SO at NICCS@hq.dhs.gov.