Windows Forensics - Windows 7
Duration: 3 days.
Audience: Forensic investigators with a basic working knowledge of Forensic Toolkit (FTK),
Password Recovery Toolkit (PRTK) and Registry Viewer.
Pre-requisites: Read and understand the English language
AccessData Bootcamp or equivalent experience with FTK 3.x, FTK Imager and Registry Viewer
Experience with Windows XP forensic analasys
Familiarity with Windows NT file system (NTFS) mechanics
Topics Covered: Introduction
Windows 7 Overview
BitLocker and BotLocker To Go
GPT and File System Changes
Recent Folder and Jump Lists
Security
Registry Introduction
Registry Artifacts
Tracking USB Devices
Event Logs
Libraries and Homegroups
Recycle Bin
Thumbcache
Virtual Hard Drives and SSD Drives
Superfetch and Prefetch
PDF Course Outline