Topic outline

  • Windows Forensic Analysis

    This course is designed for the investigator/examiner entering into the field of digital forensics.

    Course Details

    Synopsis

    This course provides the student with the fundamental knowledge to comprehend and investigate incidents involving electronic devices. Participants are introduced to baseline concepts to ensure they gain the prerequisite knowledge to understand issues surrounding the handling of electronic evidence and to attend the next in the series of the Spyder Forensic Certification Training curriculum.

    Prerequisites

    To get the most out of this class, you should:

    • Have 6 months' experience of forensic examinations.

    • Be familiar with Windows operating systems.

    Course Modules

    • PARTITIONING AND FORMAT REVIEW

      In This Module You Will:

      • Describe the differences between MBR and GPT partitioned disks
      • Examine the structure of an MBR and GPT partitioned disk
      • Learn of the effects of formatting a volume to FAT
      • Learn of the effects of formatting a volume to exFAT
      • Learn of the effects of formatting a volume to NTFS.

    • FAT FILE SYSTEM

      In This Module You Will:

      • Describe the structure and functionality of the system area
      • Examine the concept of clusters and data area
      • Describe changes that occur when a file or folder is saved
      • Examine the effects on data when a file is deleted
      • Describe the process to recover deleted files on a FAT volume.

    • NTFS FILE SYSTEM DEEP DIVE

      In This Module You Will:

      • List file system support for each NT operating system
      • Identify NTFS Metadata Files
      • List the function of each Metadata file
      • Describe a File Record Entry
      • List the components of an NTFS Attribute
      • Examine the B+ Tree structure of directories
      • Describe the effects on data when a file is deleted.

    • EXFAT INTRODUCTION AND FULL EXAMINATION

      In This Module You Will:

      • Describe the history of exFAT
      • Identify the system areas of the volume
      • Break down the Volume Boot Record
      • File Allocation Table
      • Describe the function of Bitmap
      • Break down a directory entry
      • Describe the effects on data when a file is deleted and review recovery techniques.