Windows System Analysis

Many organizations rely on technology to perform anomaly detection and investigations. But when it comes to identifying and investigating abnormal behavior on a system, there is no substitute for a well-trained analyst. Windows System Analysis teaches students how to identify abnormal activity and investigate a running system that may have been compromised. In this course, students will learn the most useful commands, tools, and techniques that can be employed during an investigation to reveal significant indicators of infiltration, and how to create a system baseline for future analysis. This course is primarily focused on the Windows 10 operating system, but includes many tools and techniques that also apply to Windows 7 and more recent versions of Windows Server.

This class is 70% hands-on and 30% classroom instruction, and culminates in a capstone exercise where students are tasked with identifying and investigating compromised systems within a virtual network environment.

Attending Students Will Learn

After successfully completing this course, students will be able to:

  • Identify the core components of the Windows operating system and ascertain their current state using built-in or other trusted tools
  • Analyze a running system and detect abnormal behavior relating to processes, DLLs, network connections, the registry and Windows services
  • Use event log analysis to verify and correlate the artifacts of anomalous behavior, and determine the scope of an intrusion
  • Use PowerShell to interact with the operating system and build scripts to automate repetitive analytic tasks
  • Create and use a system baseline to identify unexpected items such as rogue accounts or configuration changes
  • Conduct remote investigations of potentially compromised Windows workstations and servers

Who should attend

  • Novice Malware Analysts
  • Incident Response Team Members
  • Network Security Professionals
  • Forensic Analysts

  • This is an introductory course ideal for those seeking a career in malware analysis, incident response, or digital forensics.
  • Students should be familiar with the general use of Windows systems, including the command line interface, and have at least a basic understanding of TCP/IP networking.
