SEC504: Hacker Tools, Techniques, and Incident Handling

Attend a live, instructor-led class at a location near you or remotely, or train on your time over 4 months
Apply what you learn with hands-on exercises and labs
Gain an essential understanding of Windows artifacts and learn to perform digital forensics in Microsoft Windows operating systems to recover, analyze, and authenticate data and solve a forensic case.
This is a very high-intensity course with extremely current course material that is not available anywhere else in my experience.
FOR500 builds comprehensive Microsoft Windows forensics knowledge of , providing the means to recover, analyze, and authenticate forensic data, track user activity on the network, and organize findings for use in incident response, internal investigations, intellectual property theft inquiries, and civil or criminal litigation. Use this knowledge to validate security tools, enhance vulnerability assessments, identify insider threats, track hackers, and improve security policies. Detailed and real-world exercises teach the tools and techniques that every investigator should employ step-by-step to solve a forensic case. Newly updated to cover all Windows versions through Windows 11! It’s also the foundational course for those pursuing the GCFE certification (GIAC Certified Forensic Examiner), one of the most respected credentials in the digital forensics community.
Heather has 20+ years of experience working with government agencies, defense contractors, law enforcement, and Fortune 500 companies. Her case experience ranges from fraud and crimes against children to counter-terrorism and homicide investigations.
Read more about Heather Barnhart
For Ovie Carroll, digital forensics is all about the hunt for evidence in digital places that are hiding critical clues, followed by deep analysis to prove something that the evidence was never intended to prove.
Read more about Ovie Carroll
Mattia Epifani pioneered methodologies for extracting critical evidence from encrypted mobile ecosystems, including iOS and Apple Watch. His groundbreaking work has become foundational for law enforcement and forensic analysts worldwide.
Read more about Mattia Epifani
Rob Lee is the Chief of Research and Head of Faculty at SANS Institute and runs his own consulting business specializing in information security, incident response, threat hunting, and digital forensics.
Read more about Rob Lee
Explore the course syllabus below to view the full range of topics covered in FOR500: Windows Forensic Analysis.
Section 1 examines digital forensics in today’s interconnected environments and discusses challenges associated with mobile devices, tablets, cloud storage, and modern Windows operating systems.
In this section, digital forensic investigators will learn how to discover critical user and system information in Windows Registry that’s pertinent to almost any investigation.
In this section, students will learn how to perform in-depth USB device examinations on all modern Windows versions. You will learn how to determine when a storage device was first and last plugged in, its vendor/make/model, drive capacity, and even the unique serial number of the device used.
Section four arms investigators with the core email analysis knowledge and capabilities to maintain and build upon this skill for many years to come.
During this section, students will comprehensively explore web browser evidence created during the use of Google Chrome, Microsoft Edge, Internet Explorer, and Firefox. The hands-on skills taught here, such as SQLite, LevelDB, and ESE database parsing, allow investigators to extend these methods to nearly any browser they encounter.
Nothing will prepare you more as an investigator than a complete hands-on challenge requiring you to use all the skills and knowledge presented throughout the course.
Investigates cybercrimes, analyzing digital media and logs to establish documentary or physical evidence in support of cyber intrusion cases.
This expert applies digital forensic skills to a plethora of media that encompass an investigation. The practice of being a digital forensic examiner requires several skill sets, including evidence collection, computer, smartphone, cloud, and network forensics, and an investigative mindset. These experts analyze compromised systems or digital media involved in an investigation that can be used to determine what really happened. Digital media contain footprints that physical forensic data and the crime scene may not include.
Analyzes digital evidence to investigate computer security incidents and support mitigation of vulnerabilities and ongoing threat response.
Add a GIAC certification attempt and receive two free practice tests. View pricing in the info icons below.
When purchasing a live instructor-led class, add an additional 4 months of online access after your course. View pricing in the info icons below.
As a member of the IR team, this course will aid in investigating compromised hosts.
Best forensics class I have had yet (and pretty much the only one that gives you some sort of framework on HOW to attack an exam).
Get feedback from the world’s best cybersecurity experts and instructors
Choose how you want to learn - online, on demand, or at our live in-person training events
Get access to our range of industry-leading courses and resources