Windows Endpoint Investigation
Understand various aspects of Windows forensics and learn how to investigate the footprints of an attack on a Windows endpoint.
In this module, we will explore various aspects of Windows forensics and how different components within Windows store information about user activity and system configuration that can help us during a digital investigation. You will learn about file systems, registry changes, and network activity generated by user activity. At the end of this module, you will be comfortable performing digital forensics on Windows endpoints.
Windows Incident Surface
Learn how to implement DFIR techniques to explore the Windows incident surface.
Compromised Windows Analysis
Learn about some key forensic artifacts and solve an interesting case of a compromised Windows workstation.
Windows User Account Forensics
Learn where to search for artefacts associated with users and accounts.
Windows User Activity Analysis
What happened in those 36 hours? A forensics case to solve.
Expediting Registry Analysis
This room explores different tools used to expedite the analysis of registry data during an investigation.
Windows Applications Forensics
Perform a live analysis on Windows systems, focused on determining the outliers based on known behaviour of scheduled tasks, services, and installed applications.
Windows Network Analysis
Discover networking artefacts using internal tooling on Windows.
Logless Hunt
Detect every attack step on a Windows machine even after threat actors cleared Security logs.
Blizzard
A critical alert was triggered from a sensitive server. You are tasked with performing a live investigation on multiple machines to determine the root cause of the incident.
What are modules?
A learning pathway is made up of modules, and a module is made of bite-sized rooms (think of a room like a mini security lab).
