Practical Windows Forensic Investigator

Upskilling Course, 40 Academic Hours

Necessary Tools and Knowledge to Perform Digital Forensics in the Windows Environment

Crafted for individuals eager to delve into computer investigations, this course focuses on the intricacies of exploring the Windows environment. It’s designed to equip participants with a diverse set of investigative tools, enhancing their skills in analyzing and deciphering computer crime events. This course aims to reconstruct and decipher software and hardware failures and to prevent such incidents in the future.

By enrolling in this course, you'll receive a comprehensive toolset tailored for deep digital forensics, enabling you to investigate computer crimes, examine computers post-attack, and identify root causes.

Who Is This Course For?

  • SOC IR and forensics teams 
  • Law enforcement specialists 
  • Cybersecurity practitioners 
  • Forensic analysts
  • Network defenders 
  • IT Network Engineers 
  • IT Operations 
  • STEM Master’s students


  • Several years of experience in IT or security

Learning Objectives

  • Become acquainted with various key concepts of Windows forensics
  • Become familiar with tools and concepts
  • Become familiar with procedures, processes, and workflows 
  • Find, collect, and perform forensic investigations of digital evidence 
  • Learning to identify, extract and investigate common artifacts in Windows (including USB, Filesystem, Browsers, Registry, etc.)

What You'll Get...

In addition, you may choose to augment your team’s course to include preparation for relevant cybersecurity industry certification tests, at an additional cost. The cybersecurity certifications that this course can be used to prepare for include: GIAC Certified Intrusion Analyst (GCIA), GIAC Foundational Cybersecurity Technologies (GFACT), GIAC Certified Forensic Examiner (GCFE), and GIAC Certified Forensic Analyst (GCFA).

cyber certificates

Sampling of relevant Cybersecurity certifications

 Note: An industry certification is neither offered nor guaranteed as part of the course.

Professional Supervisor and Instructors

Supervising all Wawiwa Cyber courses is Mr. Nadav Nachmias, Head of Cybersecurity Programs at Wawiwa.
The course instructors are cybersecurity professionals with hands-on experience as well as training skills. The technical level of the course can be adjusted according to the audience.
Nadav Nachmias Head of Cybersecurity Programs

Nadav Nachmias

Head of Cybersecurity Programs

Nadav is a Cybersecurity Specialist with over 15 years of experience, focusing on Cybersecurity strategies, architecture, and workforce empowerment. His practical experience made it intuitive for him to develop diverse training programs and materials in several Cybersecurity fields (including Cybersecurity Management, Incident Handling and Response, and Cyber Forensics).

What Do Graduates Have to Say?

Course Syllabus

Module 1: Introduction to Incident Response (2 Theoretical Hours)

  • Threat Actors 
  • SOC Building Blocks 
  • Live Demo – “Show Me the Money” Use Case 
  • Hands-On Activity 1-1: Desktop Challenge 
  • Hands-On Activity 1-2: Incident Response Challenge 
  • Assignment 1-1: Watch and Relax

Module 2: Introduction to Practical Malware Analysis (2 Theoretical Hours)

  • Malware and Malware Analysis 
  • Analysis Techniques 
  • Types of Malwares 
  • Malware Behavior 
  • Live Demo – Persistence Mechanisms 
  • Creating a Safe Analytical Environment 
  • Live Demo – Performing Malware Analysis on Windows 
  • Live Demo – Armored Malware 
  • Quiz 
  • Assignment 2-1: Introduction to Practical Malware Analysis

Module 3: Build Your Malware Analysis Lab (2 Theoretical Hours, 2 Practical Hours)

  • Why Do You Need a Malware Analysis Lab?  
  • How to Build It? 
  • Step 1. Your Network 
  • Step 2. Virtualization? 
  • Step 3. Analysis Machines 
  • Step 4. Testing Your Environment 
  • Step 5. Start Your Malware Analysis
  • Quiz 
  • Assignment 3-1: Analyze your Malware

Module 4: Introduction to Practical Digital Forensics (2 Theoretical Hours, 2 Practical Hours)

  • Introduction and Definition 
  • Crime Scene 
  • The Forensic Lab and Tools 
  • Quiz 
  • Assignment 4-1: Files True Type

Module 5: Know Your Forensics Investigation Lab and Tools (2 Theoretical Hours, 2 Practcal Hours)

  • The Investigator Lab 
  • The Lab 
  • Hardware Prerequisites 
  • The Investigator Software 
  • Conclusion 
  • File Signature Table / Magic Number 
  • Hands-On Activity 5-1: What is Your Type? 
  • Assignment 5-1: Job Interview

Module 6: Digital Forensics and Enforcement of Law (CTF) (2 Theoretical Hours)

  • Cyber Crime Workflow 
  • Digital Forensics and Enforcement of the Law 
  • The Fourth Amendment 
  • Chain of Custody 
  • Anti-Computer Forensics 
  • Anti-Forensics Methods 
  • Anti-Forensics Tools 
  • Hands-On Activity  6-1: Steganography 
  • Hands-On Activity 6-2: Twitter Secret Messages 
  • Assignment 6-1: Into the Square

Module 7: Windows Forensics Investigation and Reports (2 Theoretical Hours)

  • Cleanup 
  • Writing Report for Digital Forensics 
  • Overview/Case Summary 
  • Forensic Acquisition and Exam Preparation 
  • Findings and Report

Module 7a: Practical Windows Forensics Investigation (2 Theoretical Hours, 4 Practical Hours)

  • Practical Windows Forensics 
  • Digital Forensics-Primary Goals
  • Forensics Analysis Process 
  • Forensics Investigation Process 
  • Forensics Analysis Checklist 
  • The Most Important Artifacts of Windows 7

Module 7b: Windows Artifacts (2 Theoretical Hours, 3 Practical Hours)

  • Windows Registry 
  • MRU
  • Shellbags 
  • JumpLists 
  • USB Device 
  • MCAB Times 
  • Recycle Bin 
  • Event Log 
  • RDP 
  • Thumbs.db 
  • Hands-On Activity  7-1: USB Investigation 
  • Assignment 7b-1: Multiple Device

Module 8: Memory Forensics (2 Theoretical Hours, 3 Practical Hours)

  • Prefetch 
  • Page Files 
  • Create Memory Dump 
  • Analysis Dump Files: 
    • Volatility 
    • Volix 
    • Memorize

Module 9: Reporting and Cleanup (2 Theoretical Hours, 2 Practical Hours)

  • What Needs to Be Documented 
  • Writing the Forensics Investigation Report 
  • Storing and Cleaning Up Evidence

Module 10: Final Exercise (2 Practical Hours)

  • Hands-On Investigation and Report Writing

Give your team the edge they need to succeed with our comprehensive courses, tailored to your specific needs.

Interested in more details?

We’d be happy to answer all your questions!

Partner with Wawiwa to offer tech training programs in less than 6 months!

Wawiwa bridges the tech skills gap by reskilling people for tech professions in high demand. There are millions of tech vacancies and not enough tech professionals with the relevant knowledge and skills to fill them. What the industry needs of employees is not taught in long academic degrees. Wawiwa helps partners around the world to reskill, and upskill people for tech jobs through local tech training centers or programs. The company utilizes a proven training methodology, cutting-edge content, digital platforms for learning and assessment, and strong industry relations, to deliver training programs that result in higher employability and graduate satisfaction. This, in turn, also creates a strong training brand and a sustainable business for Wawiwa’s partners.