This program is designed to provide students with a detailed study of the Windows operating system through a variety of lectures, instructor-led and independent hands-on practical exercises. This course will focus on how a variety of Windows operating systems works, with the primary focus on the most current version of Windows 10. Since the Windows OS went through a lot of changes from its XP version till version 10, there are now a lot of new artefacts that investigators need to be aware of and know how to utilize them in their investigations. At the conclusion of this course, students will have a clearer understanding of various operating system artifacts and why they present as they do, and how knowledge of these artifacts can play a significant role in the forensic and investigative process. Each day includes extensive hands-on exercises. At the end of the course, all participants will take on an exam and after successful completion will be given an official certificate for passing the course.
To obtain the maximum benefits from this class, students should be comfortable and conversant with critical internal structures of the Windows family of operating systems and with file systems in general, specifically NTFS. Additionally, students are expected to have a strong command of baseline computer forensic principles and methodologies.