FOR408: Computer Forensic Investigations - Windows In-Depth

A session at SANS Security West 2013

FOR408: Computer Forensic Investigations - Windows In-Depth focuses on the critical knowledge of the Windows OS that every digital forensic analyst must know to investigate computer incidents successfully. You will learn how computer forensic analysts focus on collecting and analyzing data from computer systems to track user-based activity that could be used internally or in civil/criminal litigation.

This course covers the fundamental steps of the in-depth computer forensic and media exploitation methodology so that each student will have the complete qualifications to work as a computer forensic investigator in the field, helping solve and fight crime. In addition to in-depth technical knowledge of Windows digital forensics (Windows XP through Windows 7 and Server 2008), you will be exposed to well-known computer forensic tools such as AccessData's Forensic Toolkit (FTK), Guidance Software's EnCase, Registry Analyzer, FTK Imager, Prefetch Analyzer, and much more. Many of the tools covered in the course are freeware, comprising a full-featured forensic laboratory that each student can take with them.

About the speaker

DFIR and InfoSec Professional. Entrepreneur. Faculty Fellow. Husband. Father of twins. Broncos and Nats fan.

Date Thu 9th May 2013
