Analyzing Windows file systems and browser artifacts can provide critical information in investigations.
Analyzing Windows file systems and browser artifacts can provide critical information in investigations.
Windows forensic investigations can be daunting with the number of places that contain potential evidence. Focusing on specific areas of the Windows OS will help speed an investigation up and find the information you need. Two of those areas are the Windows NTFS file system, and browser activity.
In this course, Specialized DFIR: Windows File System and Browser Forensics, you’ll learn to analyze the Windows NTFS file system as well as Internet browser activity for evidence of compromise and suspicious activities. First, you’ll explore the NTFS master file table, convert it to a readable format, and find new and modified files related to a compromise. Next, you’ll discover where Internet browsers store their information and how you can use that to your advantage. Finally, you’ll learn how to combine all of this information to have a more comprehensive view of the malicious activities that took place on a compromised host. When you’re finished with this course, you’ll have the skills and knowledge needed to to perform file system and browser forensics on a Windows system.
OpenCourser helps millions of learners each year. People visit us to learn workspace skills, ace their exams, and nurture their curiosity.
Our extensive catalog contains over 50,000 courses and twice as many books. Browse by search, by topic, or even by career interests. We'll match you to the right resources quickly.
Find this site helpful? Tell a friend about us.
We're supported by our community of learners. When you purchase or subscribe to courses and programs or purchase books, we may earn a commission from our partners.
Your purchases help us maintain our catalog and keep our servers humming without ads.
Thank you for supporting OpenCourser.