24.11.2024, 18:05
SANS - FOR500: Windows Forensic Analysis
Language: English | Video: H264 1280x1080 | Audio: AAC 16 kHz mono | Duration: 39h 35m | 80.7 GB
FOR500: Windows Forensic Analysis will teach you to:
- Conduct in-depth forensic analysis of Windows operating systems and media exploitation on Windows XP, Windows 7, Windows 8/8.1, Windows 10, Windows 11 and Windows Server products.
- Identify artifact and evidence locations to answer crucial questions, including application execution, file access, data theft, external device usage, cloud services, device geolocation, file download, anti-forensics, and detailed system and user activity.
- Become tool-agnostic by focusing your capabilities on analysis instead of how to use a particular tool.
- Extract critical findings and build an in-house forensic capability via a variety of free, open-source, and commercial tools provided within the SANS Windows SIFT Workstation.
FOR500 starts with an intellectual property theft and corporate espionage case that took over six months to create. You work in the real world, so your training should include real-world practice data. Our instructor course development team used incidents from their own investigations and experiences to create an incredibly rich and detailed scenario designed to immerse students in an actual investigation. The case demonstrates the latest artifacts and technologies an investigator might encounter while analyzing Windows systems. The detailed workbook teaches the tools and techniques that every investigator should employ step by step to solve a forensic case. The tools provided can be used long after the end of class.
Please note that this is an analysis-focused course; FOR500 does not cover the basics of evidentiary handling, the "chain of custody," or introductory drive acquisition. The course authors update FOR500 aggressively to stay current with the latest artifacts and techniques discovered. This course is perfect for you if you are interested in in-depth and current Microsoft Windows Operating System forensics and analysis for any incident that occurs. If you have not updated your Windows forensic analysis skills in the past three years or more, this course is essential.
CONTENT
- 1x eBook Exercise Workbook Section 1 & 2
- first ISO: "500.21.1B hide01.ir.iso" -> Stack Memory Challenge (data to analyze during the exercise)
- second ISO: "500.21.2A hide01.ir.iso" -> SIFT Workstation (VM) + Tools