	(W00) Course Instructions		00:00:00
Before the course
	(W31M00) About The Course	FREE	00:00:00
	(W31M00) Setting Up The Lab		00:00:00
	(W31M00) Intro Video	FREE	00:00:00
	(W31M00) eBook Download		00:00:00
Module 1
	(W31M01) An introduction to Windows Logging		00:00:00
	(W31M02) The EVTX files		00:00:00
	(W31M02V01) The EVTX files Video		00:00:00
	(W31M03) Getting started with PowerShell		00:00:00
	(W31M03V02) Getting started with PowerShell Video		00:00:00
	(W31M04) Using PowerShell for Log Analysis		00:00:00
	(W31M05) Useful logs in computer forensics		00:00:00
	(W31M06) Logs from different channels		00:00:00
	(W31M04V03) Using PowerShell for Log Analysis Video		00:00:00
	(W31A01) Exercise: Tracking system boot and shutdown phases		30, 00:00
	(W31A02) Exercise: Reconstructing recent activity on the computer		30, 00:00
Module 2
	(W31M09) An introduction to the Windows Registry		00:00:00
	(W31M10) How the Registry works: Keys and values		00:00:00
	(W31M11) The hives		00:00:00
	(W31M12) Windows Registry extraction with FTK Imager		00:00:00
	(W31M12V04) Windows Registry extraction with FTK Imager Video		00:00:00
	(W31M13) Parsing the Registry with FTK Imager		00:00:00
	(W31M13V05) Parsing the Registry with FTK Imager Video		00:00:00
	(W31M14) Registry parsing with PowerShell: Get-ChildItem and Get-ItemProperty cmdlet		00:00:00
	(W31M14V06) Registry parsing with PowerShell: Get-ChildItem and Get-ItemProperty cmdlet Video		00:00:00
	(W31A03) Exercise: Registry Key Cell analysis with FTK Imager		28, 00:00
	(W31A04) Exercise: Retrieving information with PowerShell		30, 00:00
	(W31M17) Appendix to module 2		00:00:00
Module 3
	(W31M18) Registry Analysis with Registry Viewer		00:00:00
	(W31M18V07) Registry Analysis with Registry Viewer Video		00:00:00
	(W31M19) Machine and Operating System		00:00:00
	(W31M19V08) Machine and Operating System Video		00:00:00
	(W31M20) USB devices		00:00:00
	(W31M20V09) USB devices Video		00:00:00
	(W31M21) Users		00:00:00
	(W31M21V10) Users Video		00:00:00
	(W31M22) Applications		00:00:00
	(W31M22V11) Applications Video		00:00:00
	(W31M23) Network		00:00:00
	(W31M23V12) Network Video		00:00:00
	(W31A05) Exercise: Investigating through Registry Analysis		30, 00:00
	(W31A06) Exercise: Parsing Registry Keys to collect network information		30, 00:00
	(W31M26) Appendix to module 3		00:00:00
Module 4
	(W31M27) Combining PowerShell with Log Parser		00:00:00
	(W31M27V13) Combining PowerShell with Log Parser Video		00:00:00
	(W31M28) Tracking Remote Desktop Sessions		00:00:00
	(W31M29) Tracking Network Connections		00:00:00
	(W31M29V14) Tracking Remote Desktop Sessions Video		00:00:00
	(W31M30) A practical example - Unauthorized access from a corporate network		00:00:00
	(W31M30V15) A practical example – Unauthorized access from a corporate network Video		00:00:00
	(W31M31A07) Exercise: Reconstructing a Remote Desktop Session		30, 00:00
	(W31M31A08) Exercise: Putting it all together - simulation of a real forensics expertise in a Windows Environment		30, 00:00
	(W31Q01) Windows Registry and Log Analysis Final Exam		00:20:00

Windows Registry and Log Analysis (W31)

Luca Cadonici

Course Curriculum

https://eforensicsmag.com/wp-content/uploads/2023/06/logo_eForensics_white.svg