Course Curriculum

(W00) Course Instructions 00:00:00
Before the course
(W31M00) About The Course FREE 00:00:00
(W31M00) Setting Up The Lab 00:00:00
(W31M00) Intro Video FREE 00:00:00
(W31M00) eBook Download 00:00:00
Module 1
(W31M01) An introduction to Windows Logging 00:00:00
(W31M02) The EVTX files 00:00:00
(W31M02V01) The EVTX files Video 00:00:00
(W31M03) Getting started with PowerShell 00:00:00
(W31M03V02) Getting started with PowerShell Video 00:00:00
(W31M04) Using PowerShell for Log Analysis 00:00:00
(W31M05) Useful logs in computer forensics 00:00:00
(W31M06) Logs from different channels 00:00:00
(W31M04V03) Using PowerShell for Log Analysis Video 00:00:00
(W31M07) Exercise: Tracking system boot and shutdown phases 00:00:00
(W31A01) Exercise: Tracking system boot and shutdown phases 30, 00:00
(W31M08) Exercise: Reconstructing recent activity on the computer 00:00:00
(W31A02) Exercise: Reconstructing recent activity on the computer 30, 00:00
Module 2
(W31M09) An introduction to the Windows Registry 00:00:00
(W31M10) How the Registry works: Keys and values 00:00:00
(W31M11) The hives 00:00:00
(W31M12) Windows Registry extraction with FTK Imager 00:00:00
(W31M12V04) Windows Registry extraction with FTK Imager Video 00:00:00
(W31M13) Parsing the Registry with FTK Imager 00:00:00
(W31M13V05) Parsing the Registry with FTK Imager Video 00:00:00
(W31M14) Registry parsing with PowerShell: Get-ChildItem and Get-ItemProperty cmdlet 00:00:00
(W31M14V06) Registry parsing with PowerShell: Get-ChildItem and Get-ItemProperty cmdlet Video 00:00:00
(W31M15) Exercise: Registry Key Cell analysis with FTK Imager 00:00:00
(W31A03) Exercise: Registry Key Cell analysis with FTK Imager 28, 00:00
(W31M16) Exercise: Retrieving information with PowerShell 00:00:00
(W31A04) Exercise: Retrieving information with PowerShell 30, 00:00
(W31M17) Appendix to module 2 00:00:00
Module 3
(W31M18) Registry Analysis with Registry Viewer 00:00:00
(W31M18V07) Registry Analysis with Registry Viewer Video 00:00:00
(W31M19) Machine and Operating System 00:00:00
(W31M19V08) Machine and Operating System Video 00:00:00
(W31M20) USB devices 00:00:00
(W31M20V09) USB devices Video 00:00:00
(W31M21) Users 00:00:00
(W31M21V10) Users Video 00:00:00
(W31M22) Applications 00:00:00
(W31M22V11) Applications Video 00:00:00
(W31M23) Network 00:00:00
(W31M23V12) Network Video 00:00:00
(W31M24) Exercise: Investigating through Registry Analysis 00:00:00
(W31A05) Exercise: Investigating through Registry Analysis 30, 00:00
(W31M25) Exercise: Parsing Registry Keys to collect network information 00:00:00
(W31A06) Exercise: Parsing Registry Keys to collect network information 30, 00:00
(W31M26) Appendix to module 3 00:00:00
Module 4
(W31M27) Combining PowerShell with Log Parser 00:00:00
(W31M27V13) Combining PowerShell with Log Parser Video 00:00:00
(W31M28) Tracking Remote Desktop Sessions 00:00:00
(W31M29) Tracking Network Connections 00:00:00
(W31M29V14) Tracking Remote Desktop Sessions Video 00:00:00
(W31M30) A practical example - Unauthorized access from a corporate network 00:00:00
(W31M30V15) A practical example – Unauthorized access from a corporate network Video 00:00:00
(W31M32) Exercise: Reconstructing a Remote Desktop Session 00:00:00
(W31M31A07) Exercise: Reconstructing a Remote Desktop Session 30, 00:00
(W31M31) Exercise: Putting it all together - simulation of a real forensics expertise in a Windows Environment 00:00:00
(W31M31A08) Exercise: Putting it all together - simulation of a real forensics expertise in a Windows Environment 30, 00:00
(W31Q01) Windows Registry and Log Analysis Final Exam 00:20:00
TAKE THIS COURSE
  • $219.00
  • UNLIMITED ACCESS
  • Course Certificate
498 STUDENTS ENROLLED

Certificate Validation

© HAKIN9 MEDIA SP. Z O.O. SP. K. 2013