Practical Windows Forensic Investigator

Upskilling Course, 40 Academic Hours

Necessary Tools and Knowledge to Perform Digital Forensics in the Windows Environment

Crafted for individuals eager to delve into computer investigations, this course focuses on the intricacies of exploring the Windows environment. It’s designed to equip participants with a diverse set of investigative tools, enhancing their skills in analyzing and deciphering computer crime events. This course aims to reconstruct and decipher software and hardware failures and to prevent such incidents in the future.

By enrolling in this course, you'll receive a comprehensive toolset tailored for deep digital forensics, enabling you to investigate computer crimes, examine computers post-attack, and identify root causes.

Who Is This Course For?

SOC IR and forensics teams
Law enforcement specialists
Cybersecurity practitioners
Forensic analysts
Network defenders
IT Network Engineers
IT Operations
STEM Master’s students

Prerequisite

Several years of experience in IT or security

Learning Objectives

Become acquainted with various key concepts of Windows forensics
Become familiar with tools and concepts
Become familiar with procedures, processes, and workflows
Find, collect, and perform forensic investigations of digital evidence
Learning to identify, extract and investigate common artifacts in Windows (including USB, Filesystem, Browsers, Registry, etc.)

What You'll Get...

Course presentation as a PDF file
Cheat sheets and useful documentation
"Swiss Army Knife" - 3Gb of IR tools
21 hours of practical learning experience through hands-on activities
A Wawiwa certificate upon successful completion of the course

In addition, you may choose to augment your team’s course to include preparation for relevant cybersecurity industry certification tests, at an additional cost. The cybersecurity certifications that this course can be used to prepare for include: GIAC Certified Intrusion Analyst (GCIA), GIAC Foundational Cybersecurity Technologies (GFACT), GIAC Certified Forensic Examiner (GCFE), and GIAC Certified Forensic Analyst (GCFA).

Sampling of relevant Cybersecurity certifications

Note: An industry certification is neither offered nor guaranteed as part of the course.

Professional Supervisor and Instructors

Supervising all Wawiwa Cyber courses is Mr. Nadav Nachmias, Head of Cybersecurity Programs at Wawiwa.

The course instructors are cybersecurity professionals with hands-on experience as well as training skills. The technical level of the course can be adjusted according to the audience.

Nadav Nachmias

Head of Cybersecurity Programs

Nadav is a Cybersecurity Specialist with over 15 years of experience, focusing on Cybersecurity strategies, architecture, and workforce empowerment. His practical experience made it intuitive for him to develop diverse training programs and materials in several Cybersecurity fields (including Cybersecurity Management, Incident Handling and Response, and Cyber Forensics).

What Do Graduates Have to Say?

"I always found interest in cybersecurity. I had a passion for this huge field that keeps evolving. I looked for courses online, and found that most of them are very hands off, a video running on a website. Then I found Wawiwa’s Cybersecurity program. I registered and throughout the program, actually found myself looking forward to class. It’s a live session, with a lot of practical work, working on real-life cyber tools and experiencing what they can do. The instructors have real-life stories and examples from the field to get points across. It makes the program really exciting!”

Course Syllabus

Module 1: Introduction to Incident Response (2 Theoretical Hours)

Threat Actors
SOC Building Blocks
Live Demo – “Show Me the Money” Use Case
Hands-On Activity 1-1: Desktop Challenge
Hands-On Activity 1-2: Incident Response Challenge
Assignment 1-1: Watch and Relax

Module 2: Introduction to Practical Malware Analysis (2 Theoretical Hours)

Malware and Malware Analysis
Analysis Techniques
Types of Malwares
Malware Behavior
Live Demo – Persistence Mechanisms
Creating a Safe Analytical Environment
Live Demo – Performing Malware Analysis on Windows
Live Demo – Armored Malware
Quiz
Assignment 2-1: Introduction to Practical Malware Analysis

Module 3: Build Your Malware Analysis Lab (2 Theoretical Hours, 2 Practical Hours)

Why Do You Need a Malware Analysis Lab?
How to Build It?
Step 1. Your Network
Step 2. Virtualization?
Step 3. Analysis Machines
Step 4. Testing Your Environment
Step 5. Start Your Malware Analysis
Quiz
Assignment 3-1: Analyze your Malware

Module 4: Introduction to Practical Digital Forensics (2 Theoretical Hours, 2 Practical Hours)

Introduction and Definition
Crime Scene
The Forensic Lab and Tools
Quiz
Assignment 4-1: Files True Type

Module 5: Know Your Forensics Investigation Lab and Tools (2 Theoretical Hours, 2 Practcal Hours)

The Investigator Lab
The Lab
Hardware Prerequisites
The Investigator Software
Conclusion
File Signature Table / Magic Number
Hands-On Activity 5-1: What is Your Type?
Assignment 5-1: Job Interview

Module 6: Digital Forensics and Enforcement of Law (CTF) (2 Theoretical Hours)

Cyber Crime Workflow
Digital Forensics and Enforcement of the Law
The Fourth Amendment
Chain of Custody
Anti-Computer Forensics
Anti-Forensics Methods
Anti-Forensics Tools
Hands-On Activity 6-1: Steganography
Hands-On Activity 6-2: Twitter Secret Messages
Assignment 6-1: Into the Square

Module 7: Windows Forensics Investigation and Reports (2 Theoretical Hours)

Cleanup
Writing Report for Digital Forensics
Overview/Case Summary
Forensic Acquisition and Exam Preparation
Findings and Report

Module 7a: Practical Windows Forensics Investigation (2 Theoretical Hours, 4 Practical Hours)

Practical Windows Forensics
Digital Forensics-Primary Goals
Forensics Analysis Process
Forensics Investigation Process
Forensics Analysis Checklist
The Most Important Artifacts of Windows 7

Module 7b: Windows Artifacts (2 Theoretical Hours, 3 Practical Hours)

Windows Registry
MRU
Shellbags
JumpLists
USB Device
MCAB Times
Recycle Bin
Event Log
RDP
Thumbs.db
Hands-On Activity 7-1: USB Investigation
Assignment 7b-1: Multiple Device

Module 8: Memory Forensics (2 Theoretical Hours, 3 Practical Hours)

Prefetch
Page Files
Create Memory Dump
Analysis Dump Files:
- Volatility
- Volix
- Memorize

Module 9: Reporting and Cleanup (2 Theoretical Hours, 2 Practical Hours)

What Needs to Be Documented
Writing the Forensics Investigation Report
Storing and Cleaning Up Evidence

Module 10: Final Exercise (2 Practical Hours)

Hands-On Investigation and Report Writing

Give your team the edge they need to succeed with our comprehensive courses, tailored to your specific needs.

Interested in more details?

We’d be happy to answer all your questions!

Partner with Wawiwa to offer tech training programs in less than 6 months!

Wawiwa bridges the tech skills gap by reskilling people for tech professions in high demand. There are millions of tech vacancies and not enough tech professionals with the relevant knowledge and skills to fill them. What the industry needs of employees is not taught in long academic degrees. Wawiwa helps partners around the world to reskill, and upskill people for tech jobs through local tech training centers or programs. The company utilizes a proven training methodology, cutting-edge content, digital platforms for learning and assessment, and strong industry relations, to deliver training programs that result in higher employability and graduate satisfaction. This, in turn, also creates a strong training brand and a sustainable business for Wawiwa’s partners.