- 08 bis 17 Uhr
CEO Spyder Forensics
Students will learn to use various applications and utilities to successfully identify, process, understand and document numerous Windows® 11 artifacts that are vitally important to forensically examine the latest Microsoft operating system. The participant will gain knowledge on how to process the latest chromium Edge browser, deal with BitLocker encryption, analyze the new Windows Photos app, examine Windows Widgets, exploit the Windows Subsystem for Linux and Android, plus other Windows® 11 specific artifacts.
The course includes gaining in-depth knowledge in all aspects of Windows 11 virtualized security, plus learning of new Registry file functions and transaction logging, Shadowcopy extractions, and other core Windows artifacts will be discussed and analyzed then concluding with an in-depth look at OneDrive offline storage and synchronization processes between trusted devices the user account has authenticated to. SQLite forensics plays a major role in the analysis of data therefore students will gain detailed knowledge in scripting and data exploitation.
Students will use a variety of open source and leading forensic applications to examine key artifacts through multiple hands-on labs and student exercises.
Who should attend?
This course is targeted at examiners who have at least 6 months of experience in digital forensics.