Windows Forensic Analysis


Windows Forensic Analysis

  • In this course the student will learn to develop to the maximum their capacities as a forensic specialist in Windows
  • The course makes a deep analysis of the phases, acquisition of evidence and location of forensic artifacts.
  • The course is oriented 100% to practice with real evidence.
  • The course material consists of access to the academy, support material, exercises, videos and access to forensic laboratories.
  • Dedicated analysis machine for each student with over 60 forensic tools
  • On-line instructors to answer questions and follow-up
  • No access limit to the academy and its content
  • Periodic updates
  • Downloadable PDF
  • 90 days of access to virtual laboratories


  • This course offers the student the means to begin to know, to deepen in the forensic artifacts of Windows systems.
  • Dedicated machine is provided with forensic tools, ready to start learning.
  • This certificate is the first step to obtain the competences of E-Discovery in Windows systems.
  • At the end of the course there will be a series of exams.


  • + 4 hours and a half video of analysis and interpretation of artifacts in Windows systems
  • Online teachers to answer questions and follow-up
  • Multiplatform access to the academy
  • 100% practical analysis
  • Theoretical and practical final exams to obtain the ICBDF certification
  • Private access by VPN 24 × 7 to all laboratories
This training course is for


  • State Security Forces
  • IT Professionals
  • Computer Forensic Experts
  • Incident Responders
  • System Administrators
  • Security enthusiasts who want to expand knowledge
You will be able to

Upon completion of this course you will be able

  • Perform the appropriate Windows forensic analysis with the key techniques focused on Windows 7/8/10
  • Use large-scale forensic tools and methods of analysis to detail almost every action a suspect performed on a Windows system.
  • Identify the keywords searched by a specific user on a Windows system to identify the data and information that the suspect was interested in finding and performing detailed damage assessments
    Use the forensic tools of the browser to perform detailed analyzes of the web browser, analyze databases of SQLite.
  • Determine each time a unique and specific USB device was connected to the Windows system, the files and folders that were accessed on it, and who connected it by analyzing the Windows artifacts, such as the Registry and the log files.
  • Learn event log analysis techniques.
  • Determine where a crime was committed using the Registry data to identify the geographic location of a system by examining the connected networks and the wireless access points
  • Discover the exact time a specific user ran a program for the last time through the Registry and analysis of Windows artifacts, and understand how this information can be used to test intent in cases such as intellectual property theft, systems violated by hackers and traditional crimes.


The most complete virtual laboratory regarding Digital Forensics, with live systems and post-mortem evidences. The student will connect in VPN to the remote virtual laboratory network and can use their own forensic tools.

Content - Windows Digital Forensic

Module 1: Introduction to Digital Forensics and Evidence Acquisition
Module 2: File System
Module 3: Windows Forensic Artifacts
Module 4: Windows Events
Module 5: Windows 10
Module 6: Browsers Forensics
Module 7: Analysis of Cloud Storage Agents
Module 8: Antiforensics
Module 1: Introduction to Digital Forensics and Evidence Acquisition
  • What is digital forensics?
  • Acquisition Methodology
  • Types of evidence
  • Types of acquisitions
  • Types of forensic images
  • Types of acquisition tools
Module 2: File System
  • Main file systems in Windows together with the partitions
  • Forensic artifacts of the file system
  • File recovery techniques
  • Timeline generation
Module 3: Windows Forensic Artifacts
  • Forensic Artifacts of the Windows Registry
  • USB devices
  • Email Forensics
  • Thumbnails
  • Thumbcache
  • Recycle Bin
  • Execution of programs
Module 4: Windows Events
  • Windows events
  • Recovery of Windows events
  • Identification of most common scenarios in terms of security: brute force, time change, RDP sessions.
Module 5: Windows 10
  • Cortana
  • Notifications in Windows10
  • Timeline
  • Windows RecentAPPs
  • USB antiforensics
Module 6: Browsers Forensics
  • Internet Explorer 11
  • Edge
  • Firefox
  • Chrome
  • Retrieving SQLITE databases
Module 7: Analysis of Cloud Storage Agents
  • OneDrive
  • Google Drive
  • Dropbox
Module 8: Antiforensics
  • TimeStamps
  • Windows events
  • Data Hiding
  • UsbKill
  • Live Linux Distributions
  • Configuration of Windows Systems
iHackLabs Certified Windows Digital Forensics
799 €