FOR500: Windows Forensic Analysis
About This Course
FOR500 builds in-depth and comprehensive digital forensics knowledge of Microsoft Windows operating systems by analyzing and authenticating forensic data as well as track detailed user activity and organize findings. It teaches students to apply digital forensic methodologies to a variety of case types and situations, allowing them to apply in the real world the right methodology to achieve the best outcome.
What You'll Learn
• Conduct in-depth forensic analysis of Windows operating systems and media exploitation on Windows 7, Windows 8/8.1, Windows 10, Windows 11 and Windows Server products.
• Identify artifact and evidence locations to answer crucial questions, including application execution, file access, data theft, external device usage, cloud services, device geolocation, file transfers, anti-forensics, and detailed system and user activity.
• Become tool-agnostic by focusing your capabilities on analysis instead of how to use a particular tool.
• Extract critical findings and build an in-house forensic capability via a variety of free, open-source, and commercial tools provided within the SANS Windows SIFT Workstation.
• Establish structured analytical techniques to be successful in any security role.
Entry Requirements
There are no prerequisite SANS courses required to take this course. The artifacts and tool-agnostic techniques you will learn will lead to the successful analysis of any cyber incident and crime involving a Windows Operating System. Participants should be proficient in written and spoken English.
There are no minimum entry requirements for years of experience in the domain, education level or age group; but participants should possess the relevant prerequisite skills mentioned above before taking the course.