(W00) Course Instructions | 00:00:00

Before the course |
(W31M00) About The Course | FREE | 00:00:00
(W31M00) Setting Up The Lab | 00:00:00
(W31M00) Intro Video | FREE | 00:00:00
(W31M00) eBook Download | 00:00:00

Module 1 |
(W31M01) An introduction to Windows Logging | 00:00:00
(W31M02) The EVTX files | 00:00:00
(W31M02V01) The EVTX files Video | 00:00:00
(W31M03) Getting started with PowerShell | 00:00:00
(W31M03V02) Getting started with PowerShell Video | 00:00:00
(W31M04) Using PowerShell for Log Analysis | 00:00:00
(W31M05) Useful logs in computer forensics | 00:00:00
(W31M06) Logs from different channels | 00:00:00
(W31M04V03) Using PowerShell for Log Analysis Video | 00:00:00
(W31A01) Exercise: Tracking system boot and shutdown phases | 30, 00:00
(W31A02) Exercise: Reconstructing recent activity on the computer | 30, 00:00

Module 2 |
(W31M09) An introduction to the Windows Registry | 00:00:00
(W31M10) How the Registry works: Keys and values | 00:00:00
(W31M11) The hives | 00:00:00
(W31M12) Windows Registry extraction with FTK Imager | 00:00:00
(W31M12V04) Windows Registry extraction with FTK Imager Video | 00:00:00
(W31M13) Parsing the Registry with FTK Imager | 00:00:00
(W31M13V05) Parsing the Registry with FTK Imager Video | 00:00:00
(W31M14) Registry parsing with PowerShell: Get-ChildItem and Get-ItemProperty cmdlet | 00:00:00
(W31M14V06) Registry parsing with PowerShell: Get-ChildItem and Get-ItemProperty cmdlet Video | 00:00:00
(W31A03) Exercise: Registry Key Cell analysis with FTK Imager | 28, 00:00
(W31A04) Exercise: Retrieving information with PowerShell | 30, 00:00
(W31M17) Appendix to module 2 | 00:00:00

Module 3 |
(W31M18) Registry Analysis with Registry Viewer | 00:00:00
(W31M18V07) Registry Analysis with Registry Viewer Video | 00:00:00
(W31M19) Machine and Operating System | 00:00:00
(W31M19V08) Machine and Operating System Video | 00:00:00
(W31M20) USB devices | 00:00:00
(W31M20V09) USB devices Video | 00:00:00
(W31M21) Users | 00:00:00
(W31M21V10) Users Video | 00:00:00
(W31M22) Applications | 00:00:00
(W31M22V11) Applications Video | 00:00:00
(W31M23) Network | 00:00:00
(W31M23V12) Network Video | 00:00:00
(W31A05) Exercise: Investigating through Registry Analysis | 30, 00:00
(W31A06) Exercise: Parsing Registry Keys to collect network information | 30, 00:00
(W31M26) Appendix to module 3 | 00:00:00

Module 4 |
(W31M27) Combining PowerShell with Log Parser | 00:00:00
(W31M27V13) Combining PowerShell with Log Parser Video | 00:00:00
(W31M28) Tracking Remote Desktop Sessions | 00:00:00
(W31M29) Tracking Network Connections | 00:00:00
(W31M29V14) Tracking Remote Desktop Sessions Video | 00:00:00
(W31M30) A practical example - Unauthorized access from a corporate network | 00:00:00
(W31M30V15) A practical example – Unauthorized access from a corporate network Video | 00:00:00
(W31M31A07) Exercise: Reconstructing a Remote Desktop Session | 30, 00:00
(W31M31A08) Exercise: Putting it all together - simulation of a real forensics expertise in a Windows Environment | 30, 00:00
(W31Q01) Windows Registry and Log Analysis Final Exam | 00:20:00