Windows Forensics - XP
Duration: 3 days.
Audience: Forensic investigators with experience in forensic case work and a basic working knowledge of FTK, FTK Imager and PRTK.
Pre-requisites: Read and understand the English language
Attend the AccessData Forensic Bootcamp or have equivelant experience with FTK and PRTK
Have previous investigative experience in forensic case work
Be familiar with Microsoft Windows environment
Topics Covered: Introduction
FTK Overview
Regular Expressions
Windows Registry
Registry Viewer
ID Theft Practical
The Recycle Bin
Thumbs.db Files
Metadata
Link and Spool Files
ID Theft - Practical 2
PRTK Alternate Features
Encrypting File System
Alternate Data Streams
Processing Information Lab - EFS and ADS
ID Theft - Practical 3
PDF Course Outline