Windows System Analysis teaches students how to identify abnormal activity and investigate a running system that may have been compromised. In this course, students will learn the most useful commands, tools, and techniques that can be employed during investigation to reveal the significant indicators of infiltration, as well as how to create a system baseline to be used for future analysis. This course is focused primarily on the Windows 10 operating system, using many tools and techniques that also apply to Windows 7 and recent versions of Windows Server.
- Identify the core components of the Windows operating system and ascertain their current state using built-in or other trusted tools
- Analyze a running system and detect abnormal behavior relating to processes, DLLs, network connections, the registry, and Windows services
- Use event log analysis to verify and correlate the artifacts of anomalous behavior and determine the scope of an intrusion
- Use trusted command-line and GUI-based tools to ascertain the status of a running system
- Use PowerShell to interact with the operating system and build scripts to automate repetitive analytic tasks
Create and use a system baseline to identify unexpected items such as rogue accounts or configuration changes