Windows OS Forensics

Infosec

The Windows OS Forensics course offers in-depth knowledge of Windows file systems, including FAT32, exFAT, and NTFS. Students will explore how these systems store data, the impact of writing and deleting files, and the process of recovering deleted files. Additionally, the course delves into correctly interpreting file system data structures to enhance understanding of their functionality.

Key topics covered in the course include understanding bits, bytes, and endianness, disk partition schema, file systems such as FAT, NTFS, and exFAT, and Windows registry forensics. Through a blend of theoretical learning and practical exercises, students will gain the necessary skills to validate information from multiple forensic tools accurately.

  • Comprehensive coverage of Windows file systems and their data storage mechanisms
  • Insight into the impact of file writing and deletion on the system
  • Techniques for recovering deleted files
  • Interpretation of file system data structures for enhanced understanding

Certificate Available ✔

Course Modules

The Windows OS Forensics course modules cover a wide range of topics, including bits, bytes, endianness, disk partition schema, FAT file system, NTFS file system, exFAT file system, and Windows registry forensics.

Bits, Bytes and Endianness

Module 1 delves into the fundamental concepts of bits, bytes, and endianness, providing a comprehensive understanding of converting decimal to binary, binary to hex, signed integers, and the differences between little endian and big endian.

Disk Partition Schema

Module 2 explores the disk partition schema, distinguishing between physical and logical drives, sectors and clusters, MBR and GPT partition schema, and solid-state disks, offering a detailed insight into the structure of storage devices.

The FAT File System

Module 3 focuses on the FAT file system, covering its overview, volume boot record, root directory, FAT table, file creation and deletion, and file recovery, providing a comprehensive understanding of the FAT file system's functionality and recovery processes.

The NTFS File System

Module 4 delves into the NTFS file system, addressing its overview, volume boot record, master file table, data runs, creation and deletion of files, and file recovery, offering an in-depth insight into the NTFS file system's structure and file management processes.

The exFAT File System

Module 5 provides a comprehensive overview of the exFAT file system, including its history, volume boot record, root directory, file creation and deletion, and file recovery, enabling students to understand the functionality and recovery processes of the exFAT file system.

Windows Registry Forensics

Module 6 explores Windows registry forensics, covering its overview, live registry, location of registry files within an image file, common forensic artifacts found in the registry, and a Windows OS Forensics quiz, offering a detailed insight into Windows registry forensics and forensic artifacts.
