Category: Tutorial

Posted on 2017-12-07, by everest555.


English | Size: 244.54 MB
Category: Security

FOR500: Windows Forensic Analysis focuses on building in-depth digital forensics knowledge of Microsoft Windows operating systems. You can't protect what you don't know about, and understanding forensic capabilities and artifacts is a core component of information security. You will learn how to recover, analyze, and authenticate forensic data on Windows systems, track particular user activity on your network, and organize findings for use in incident response, internal investigations, and civil/criminal litigation. You will be able to use your new skills to validate security tools, enhance vulnerability assessments, identify insider threats, track hackers, and improve security policies. Whether you know it or not, Windows is silently recording an unbelievable amount of data about you and your users. FOR500 teaches you how to mine this mountain of data.

Proper analysis requires real data for students to examine. The completely updated FOR500 course trains digital forensic analysts through a series of new hands-on laboratory exercises that incorporate evidence found on the latest Microsoft technologies (Windows 7, Windows 8/8.1, Windows 10, Office and Office365, cloud storage, SharePoint, Exchange, Outlook). Students leave the course armed with the latest tools and techniques and prepared to investigate even the most complicated systems they might encounter. Nothing is left out - attendees learn to analyze everything from legacy Windows 7 systems to just-discovered Windows 10 artifacts.

FOR500: Windows Forensic Analysis will teach you to:
Conduct in-depth forensic analysis of Windows operating systems and media exploitation focusing on Windows 7, Windows 8/8.1, Windows 10, and Windows Server 2008/2012/2016
Identify artifact and evidence locations to answer critical questions, including application execution, file access, data theft, external device usage, cloud services, geolocation, file download, anti-forensics, and detailed system usage
Focus your capabilities on analysis instead of on how to use a particular tool
Extract critical answers and build an in-house forensic capability via a variety of free, open-source, and commercial tools provided within the SANS Windows SIFT Workstation

FOR500 is continually updated. The course uses an intellectual property theft and corporate espionage case that took over six months to create. You work in the real world, so your training should include real-world practice data. Our instructor development team used incidents from their own investigations and experiences to create an incredibly rich and detailed scenario designed to immerse students in an actual investigation. The case demonstrates the latest artifacts and technologies an investigator might encounter while analyzing Windows systems. The detailed workbook shows step-by-step the tools and techniques that each investigator should employ to solve a forensic case.

Windows Forensics Course Topics:

Windows Operating Systems Focus (Win7, Win8/8.1, Windows 10, Server 2008/2012/2016)
Windows File Systems (NTFS, FAT, exFAT)
Advanced Evidence Acquisition Tools and Techniques
Registry Forensics
Shell Item Forensics
Shortcut Files (LNK) - Evidence of File Opening
Shellbags - Evidence of Folder Opening
JumpLists - Evidence of File Opening/Program Exec
Windows Artifact Analysis
Facebook, Gmail, Hotmail, Yahoo Chat and Webmail Analysis
E-Mail Forensics (Host, Server, Web)
Microsoft Office Document Analysis
Windows Recycle Bin Analysis
File and Picture Metadata Tracking and Examination
Prefetch Analysis
Event Log File Analysis
Firefox, Chrome, and Internet Explorer Browser Forensics
Deleted Registry Key and File Recovery
String Searching and File Carving
Examination of Cases Involving Windows 7, Windows 8/8.1, and Windows 10
Media Analysis and Exploitation involving:
Tracking user communications using a Windows PC (e-mail, chat, IM, webmail)
Identifying if and how the suspect downloaded a specific file to the PC
Determining the exact time and number of times a suspect executed a program
Showing when any file was first and last opened by a suspect
Determining if a suspect had knowledge of a specific file
Showing the exact physical location of the system
Tracking and analysis of external and USB devices
Showing how the suspect logged on to the machine via the console, RDP, or network
Recovering and examining browser artifacts, even those used in a private browsing mode
Discovering utilization of anti-forensics, including file wiping, time manipulation, and program removal
The Course Is Fully Updated to Include Latest Windows 7, 8, 8.1, 10 and Server 2008/2012/2016 Techniques


