Global Information Assurance Certification
Opened my eyes to things that I thought I already knew, and I'm already learning new material on day 1
-Anthony Fischer, Front Porch, Inc.
Security 441
Windows Forensics
6 CPE Credits per day
Investigations involving Windows-based operating systems occur every day. As a result, it is essential for an investigator to know how to properly examine the critical files and structures of the Windows operating system. This two-day course will provide an in-depth study and examination of the forensic evidence left on Windows Vista, Windows XP, and Windows Server-based operating systems. This hands-on forensic course will arm you with methods and techniques to investigate critical areas of the Windows operating system for any case.
Beginning with the registry, the new investigator will learn how to discover critical user and system information from the Windows Registry that is pertinent to any investigation. Second, the investigator will learn how to find and examine logs from a Windows machine in order to find data relevant to any case. In the final part of the day, the investigator will learn how to examine and search email for key evidence. Throughout the day, the investigator will apply their skills in real hands-on cases, exploring the evidence and artifacts discussed.
- Topics
  - Registry Forensics
    - Registry Basics
    - Core System Information
      - System Name and Version
      - Configuration (Domain, Workgroup)
      - Networks
      - Drives
      - USB Drives
      - User Information
      - Group Information
      - Install Date
      - Timezone
    - User Forensic Data
      - User searches
      - Typed URLs
      - Recently Modified Documents
  - Event Log Forensics
    - Event Logging Basics
    - Locations
    - Viewers
    - Event Types
  - Email Forensics
    - How Email Works
    - Locations
    - Examination
    - Types of Email Formats
    - Email Analysis
    - Email Searching and Examination
  - Day 1 Exercises
    - Profile a computer system using evidence found in the registry
    - Profile a user’s activities using evidence found in the registry
    - Find event log evidence of user logins and odd system activity in the event logs
    - Find email evidence containing a specific set of keywords
    - Find email evidence sent to a specific email address
This instructor had an impressive, solid background and does an excellent job presenting the material in a way that geek wannabes can understand
-Julie Stroud, U.S. Department of Energy