Description
The course is designed to provide participants with a detailed overview of the Windows 10 operating system forensics. It will focus on how the Windows 10 operating system changed over the past versions and how it works “under the hood” so that participants have a better understanding of how various operating system artefacts are created, why certain artefacts appear, and how these artefacts can be leveraged for forensic and investigative purposes in comparison to the previous versions. Since the Windows OS went through a lot of changes from its XP version till version 10, there are now a lot of new artefacts that investigators need to be aware of and know how to utilize them in their investigations
Prerequisites
Working knowledge of FTK Imager and Sysinternals suite, good experience with Windows XP and Windows 7 forensic analysis, familiarity with Windows NT file system (NTFS) mechanics.
