Intro to Windows Forensics Using Free Tools presented at CircleCityCon 2017

by Marcus Thompson,

Summary : This course introduces participants to the fundamentals of digital forensics for Windows-based systems. You will learn how to preserve, acquire, examine, and analyze digital evidence for an investigation. Topics include disk basics, disk imaging, NTFS, Windows Registry, live memory acquisition, file carving, artifact correlation, and timelining. Several hands-on exercises are included. Requisite knowledge includes computer architecture, data representation (hex to decimal conversions), basic SQL, and basic command line.