The Spyder Forensic Advanced Windows® 10 Forensic Analysis course will give participants unbiased knowledge and skills necessary to analyze artifacts left behind through system and user interaction with the host system, utilizing industry standard tools and open source applications to explore the data in greater depth by learning how applications function and store data in the file system. Students will learn to use various applications and utilities to successfully identify, process, understand and document numerous Windows® artifacts that are vitally important to forensic investigations. The participant will also gain knowledge on how to process Edge browser history, cookies, temp files InPrivate browsing challenges and analysis, BitLocker encryption, Windows® Action Center (Notifications SQLite Database) and other Windows® 10 specific artifacts. The course includes gaining in depth knowledge of JumpLists, Registry analysis and prefetch files, Timeline and how they relate to forensic investigations and conclude with an in-depth look into OneDrive and synchronization processes between trusted devices.
Students will use various applications and utilities to successfully identify, process, understand and document numerous Windows® artifacts that are vitally important to perform a successful forensic investigation of the seized system. Students will gain knowledge to identify where and why Windows stores information in the Registry files, Recycle Bin, Recent folder, User directory and system folders. The participant will also learn how to process Internet Explorer history, cookies, temp files and user settings and compare them with the Edge browser released with Windows® 10.
This course provides the student with the fundamental knowledge to comprehend and investigate incidents involving electronic devices. Participants are introduced to baseline concepts to ensure they gain the prerequisite knowledge to understand issues surrounding the handling of electronic evidence and to attend the next in the series of the Spyder Forensic Certification Training curriculum.
In this course the student will learn about artifacts, user data and explore the many updates this new Operating System has introduced. During this one-day course, participants will review various Windows 10 features, learn of artifact locations for Microsoft Edge Browser, Cortana, OneDrive, Windows® Mail, Notifications and gain an overview of core registry files and new values of forensic interest pertaining to user activity on a Windows® 10 system.