Specialized DFIR: Windows File System and Browser Forensics
Offered By: Pluralsight
Course Description
Overview
Analyzing Windows file systems and browser artifacts can provide critical information in investigations.
Windows forensic investigations can be daunting with the number of places that contain potential evidence. Focusing on specific areas of the Windows OS will help speed an investigation up and find the information you need. Two of those areas are the Windows NTFS file system, and browser activity. In this course, Specialized DFIR: Windows File System and Browser Forensics, you’ll learn to analyze the Windows NTFS file system as well as Internet browser activity for evidence of compromise and suspicious activities. First, you’ll explore the NTFS master file table, convert it to a readable format, and find new and modified files related to a compromise. Next, you’ll discover where Internet browsers store their information and how you can use that to your advantage. Finally, you’ll learn how to combine all of this information to have a more comprehensive view of the malicious activities that took place on a compromised host. When you’re finished with this course, you’ll have the skills and knowledge needed to to perform file system and browser forensics on a Windows system.
Windows forensic investigations can be daunting with the number of places that contain potential evidence. Focusing on specific areas of the Windows OS will help speed an investigation up and find the information you need. Two of those areas are the Windows NTFS file system, and browser activity. In this course, Specialized DFIR: Windows File System and Browser Forensics, you’ll learn to analyze the Windows NTFS file system as well as Internet browser activity for evidence of compromise and suspicious activities. First, you’ll explore the NTFS master file table, convert it to a readable format, and find new and modified files related to a compromise. Next, you’ll discover where Internet browsers store their information and how you can use that to your advantage. Finally, you’ll learn how to combine all of this information to have a more comprehensive view of the malicious activities that took place on a compromised host. When you’re finished with this course, you’ll have the skills and knowledge needed to to perform file system and browser forensics on a Windows system.
Syllabus
- Course Overview 1min
- Windows NTFS Analysis 9mins
- NTFS Timeline Generation and Analysis 12mins
- Browser Artifacts 10mins
- Browser Analysis 12mins
- Conclusion 8mins
Taught by
Tyler Hudak
Related Courses
Foundations of Computer Science for TeachersThe University of Texas at Austin via edX Computer Forensics
Rochester Institute of Technology via edX FinTech Security and Regulation (RegTech)
The Hong Kong University of Science and Technology via Coursera Cyber Security
CEC via Swayam Fundamentos de Ciberseguridad: un enfoque práctico
Inter-American Development Bank via edX