Master Windows prefetch analysis in digital forensics. Learn to use prefetch data as evidence, understand user behavior, and explore free forensic tools in one hour.
Dive into the world of Windows Prefetch in just an hour! This friendly course is all about understanding prefetch data and its significance in computer forensics, helping both newbies and pros sharpen their skills with some practical exercises and nifty tools.
Learn how an analyze Windows prefetch evidence
Welcome to the Surviving Digital Forensics series. This class is focused on helping you become a better computer forensic examiner by understanding how to use Windows Prefetch data to prove file use and knowledge - all in about one hour.
As with previous SDF classes you will learn by doing. The class begins with Windows prefetch fundamentals and will provide an understanding of how the artifact works. Then students delve into several validation exercises to observe how user driven activity affects Windows prefetch evidence. The last section teaches students how to use several freely available DFIR community built forensic tools to examine prefetch evidence. By the end of the class students will have a solid understanding of how to use the Windows prefetch as evidence, understand the types of user behaviors that affect the prefetch and know how to use Windows prefetch forensic tools.
Expert and novice computer forensic examiners alike will gain from this class. Since we are doing it the SDF way we are going to teach you real computer forensic skills that you can apply using our method or with any forensic tool you choose. Therefore you are not just going to learn about the Windows prefetch but you will learn a method you can use to answer questions that may come up in the future.
A PC running Windows 8 or Windows 10 is required for this course. The forensic tools we use are all freely available, so beyond your laptop and operating system all you need is the desire to become a better computer forensic examiner.
Understand what the Windows Prefetch artifact is
Be able to explain the artifact
Know what types of user behavior affects the artifact
5 Lectures
6 Lectures
8 Lectures
8 Lectures
2 Lectures
Over 20 years of experience in Digital Forensics and Security Incident Response. Investigations span corporate (Fortune 500) incident response, technical litigation support for civil and criminal cases, and e-discovery. Author and developer of computer forensic training and analysis tools. Specialties include Windows forensics, Linux forensics, Mac forensics, & mobile device forensics. Certifications include: C|EH, CFCE, CISSP, EnCE, CCE
Great overview of Windows Prefetch
Great
super
very good, Excellent topic very informative
It is very nicely explained and uses an up-to-date environment. It is an interesting subject regarding these precise forensic artifacts, although most modern PC's will come with prefetching disabled by default. But the course itself is worth the time.
Great course on Windows Prefetch Forensics!
Excelente el material y las prácticas.
good course content and explanation
Excellent!
Your email address will not be published. Required fields are marked *
Estela A.
Great course.