"Windows users are still the biggest InfoSec weakness" says expert

Windows forensic analysis skills are vital to address increased cyber security threats

  • UK
  • April 20, 2015

Even with the expected arrival of a slew of security improvements in Windows 10, such as multi-factor authentication, automatic encryption and a trusted app whitelist, "...users on Windows machines are still the most likely entry point for a cyber-attack and the long tail of operating systems still in widespread use makes Windows forensics skills essential for all investigators and first responders," says Christian Prickaerts, a highly respected expert forensic investigator and SANS Instructor with a 15-year career including time working for a large university in the Netherlands and Fox-IT.

"In many cases, the user is completely unaware of the attack, which through social engineering or malware starts a chain reaction that can ultimately lead to an incident which, in the case of APT-style attacks, may well remain undetected within an environment for many months," he adds.

Although newer Microsoft operating systems have made great strides in helping to secure common weaknesses, Prickaerts points to the huge number of systems, including Windows XP, that are still used but are effectively out of support when it comes to security updates and patches. "Strong Windows forensic skills are also important for validating security tools, enhancing vulnerability assessments, identifying insider threats, tracking hackers, and improving security policies," says Prickaerts.

In June, Prickaerts will be teaching an updated version of SANS FOR408: Windows Forensic Analysis with a focus on collecting and analysing data from computer systems to track user-based activity that can be used in internal investigations as well as civil and criminal litigation.

"Proper analysis requires real data for students to examine and as such the course trains digital forensic analysts through a series of hands-on exercises that incorporate evidence found on the latest Microsoft technologies including Windows 8.1, Office365, Skydrive, Sharepoint, Exchange Online as well as older platforms such as XP, Windows 7 and Server 2008/2012," says Prickaerts.

As part of the course, students learn how to identify artefacts and evidence locations that will answer key questions, including details about program execution, file opening, external device usage, geo-location, file download, anti-forensics, and system usage.

The course will run in Dublin from June 8th-13th at the Hilton Doubletree's Morrison Hotel alongside the popular SEC401: Security Essentials Bootcamp Style. "Early Bird" Registration is still open and SANS is offering discounts for students that register and pay prior to April 29th and for larger groups. For more information, please visit:


About SANS Institute

The SANS Institute was established in 1989 as a cooperative research and education organization. Today, SANS is the most trusted and, by far, the largest provider of cyber security training and certification to professionals in government and commercial institutions worldwide. Renowned SANS instructors teach more than 60 courses at In-Person and Live Online cyber security training events, and more than 50 courses are available anytime, anywhere with our OnDemand platform. GIAC, an affiliate of the SANS Institute, validates practitioner skills through more than 35 hands-on, technical certifications in cyber security. The SANS Technology Institute, a regionally accredited independent subsidiary, offers a master’s degree, graduate certificates, and an undergraduate certificate in cyber security. SANS Security Awareness, a division of SANS, provides organizations with a complete and comprehensive security awareness solution, enabling them to easily and effectively manage their ‘human’ cybersecurity risk. SANS also delivers a wide variety of free resources to the InfoSec community including consensus projects, research reports, webcasts, podcasts, and newsletters; it also operates the Internet's early warning system – the Internet Storm Center. At the heart of SANS are the many security practitioners, representing varied global organizations from corporations to universities, working together to support and educate the global information security community.