An official website of the United States government, Department of Justice.

Advanced Digital Forensic Analysis: Windows

Event Dates
Eastern
Location
Online

This course covers the identification and extraction of artifacts associated with the Microsoft Windows operating system. Topics include the change journal, BitLocker, and a detailed examination of the various artifacts found in each of the Registry hive files. Students also examine Event Logs, Volume Shadow Copies, link files, and jump lists. This course uses a mixture of lecture, discussion, demonstration, and hands-on exercises.

Key concepts covered in this course include:
     • The registry
     • Shellbags
     • Mounted devices
     • Change journal
     • Prefetch

Excel Office 365 is recommended; versions 2010 and newer will be functional.

Date Created: June 24, 2022