
Windows System Forensics

IDENTIFY, RESPOND TO AND RECOVER FROM A SECURITY BREACH

Breaches happen and that’s a fact. While you may have done everything possible to strengthen your network and system security, every organization needs to be prepared for how to deal with a breach should one occur. Unfortunately, very few are, and a great deal of extra damage is often inflicted as a result. This course covers a broad range of forensic procedure and methodology, including acquisition of evidence and chain of custody, order of volatility, imaging of storage media, hashing and documentation, and disk and memory analysis.




Attending students will learn to

  • Follow computer forensic procedures to investigate a compromised system, or one that may have been used in illicit activity
  • Capture, tag and handle digital forensic evidence in order to preserve chain of custody
  • Take informed decisions in handling a live system that is under investigation
  • Perform disk and memory analysis to discover illicit activity and establish a timeline
  • Report findings in a clear, methodical manner

Who should attend

  • Incident Responders who need to develop forensic analysis skills
  • Security Analysts needing to investigate compromised systems and preserve digital evidence
  • Forensic Analysts seeking deeper host-based analysis skills

Prerequisites

  • Sound understanding of the Windows operating system, including familiarity with the command line interface
  • Successful completion of either Windows System Analysis or Live System Analysis
