Description
Windows Operating System Security Analysis
This course will lead students through the analysis process, including all of the decisions made along the way. The course will cover topics such as malware detection, user activity, and how to set up a testing environment.
Windows Forensic Analysis focuses on building in-depth digital forensics knowledge of Microsoft Windows operating systems. You can’t protect what you don’t know about, and understanding forensic capabilities and available artifacts is a core component of information security. You will learn how to recover, analyze, and authenticate forensic data on Windows systems, track individual user activity on your network, and organize findings for use in incident response, internal investigations, intellectual property theft inquiries, and civil or criminal litigation. You’ll be able to validate security tools, enhance vulnerability assessments, identify insider threats, track hackers, and improve security policies. Whether you know it or not, Windows is silently recording an unbelievable amount of data about you and your users. The attendees will learn how to mine this mountain of data and use it to their advantage.
Prerequisites
Before taking this course, students should have:
- Knowledge of the IPv4 and IPv6 networking protocols is required
- Knowledge of the OSI model
- Skills and experience with Wireshark display filtering are required
- Knowledge of RSA NetWitness is recommended
- Knowledge of encryption
- Knowledge of defense-in-depth concepts
- Knowledge of the DREAD and STRIDE threat models
- Attending students should have a thorough understanding of Microsoft Windows
- Python scripting abilities would be beneficial
- CompTIA's Network+ and Security+ certifications would be beneficial but are not required
- The CEH (Certified Ethical Hacker) certification would be beneficial
- CISSP certification, or having attended the CISSP training, provides a good foundation
This course is designed to enable students to:
- Understand and follow the analysis process
- Find Malware in Windows Systems
- Examine user activity on Windows systems
- Conduct intrusion analysis on a web server
- Set up and test a lab environment
- Perform proper Windows forensic analysis by applying key techniques focusing on Windows 7, Windows 8/8.1, and Windows 10
- Use state-of-the-art forensic tools and analysis methods to detail nearly every action a suspect accomplished on a Windows system, including who placed an artifact on the system and how, program execution, file/folder opening, geolocation, browser history, USB device usage, cloud storage usage, and more
- Uncover the exact time that a specific user last executed a program through Registry and Windows artifact analysis, and understand how this information can be used to prove intent in cases such as intellectual property theft, hacker-breached systems, and traditional crimes
- Determine the number of times files have been opened by a suspect through browser forensics, shortcut file analysis (LNK), email analysis, and Windows Registry parsing
- Audit cloud storage usage, including detailed user activity, identifying deleted files and even documenting files available only in the cloud
Duration
5 Days