OpenCourser brand icon
Sign in
We may earn an affiliate commission when you visit our partners.
Pluralsight logo

Specialized DFIR

Windows File System and Browser Forensics

Tyler Hudak

Analyzing Windows file systems and browser artifacts can provide critical information in investigations.

Read more

Analyzing Windows file systems and browser artifacts can provide critical information in investigations.

Windows forensic investigations can be daunting with the number of places that contain potential evidence. Focusing on specific areas of the Windows OS will help speed an investigation up and find the information you need. Two of those areas are the Windows NTFS file system, and browser activity.

In this course, Specialized DFIR: Windows File System and Browser Forensics, you’ll learn to analyze the Windows NTFS file system as well as Internet browser activity for evidence of compromise and suspicious activities. First, you’ll explore the NTFS master file table, convert it to a readable format, and find new and modified files related to a compromise. Next, you’ll discover where Internet browsers store their information and how you can use that to your advantage. Finally, you’ll learn how to combine all of this information to have a more comprehensive view of the malicious activities that took place on a compromised host. When you’re finished with this course, you’ll have the skills and knowledge needed to to perform file system and browser forensics on a Windows system.

Enroll now

Here's a deal for you

We found an offer that may be relevant to this course.
Save money when you learn. All coupon codes, vouchers, and discounts are applied automatically unless otherwise noted.
Valid for a limited time only
Future-proof your career
Access O'Reilly books, live events, courses, and more. Save with an annual subscription.
Take
15%
off

What's inside

Syllabus

Course Overview
Windows NTFS Analysis
NTFS Timeline Generation and Analysis
Browser Artifacts
Read more
Browser Analysis
Conclusion

Good to know

Know what's good
, what to watch for
, and possible dealbreakers
Develops core skills for forensic investigations, particularly in the analysis of Windows file systems and browser artifacts
Instructors have earned a reputation for their work in the field of digital forensics and incident response (DFIR)
Builds a strong foundation for learners new to DFIR or wanting to strengthen their existing foundation
Covers unique perspectives and ideas that may add color to other topics and subjects in the DFIR field
Requires learners to come in with extensive background knowledge; not for complete beginners

Save this course

Save Specialized DFIR: Windows File System and Browser Forensics to your list so you can find it easily later:
Save

Activities

Be better prepared before your course. Deepen your understanding during and after it. Supplement your coursework and achieve mastery of the topics covered in Specialized DFIR: Windows File System and Browser Forensics with these activities:
Review NTFS Master File Table Analysis
Review the NTFS Master File Table to prepare for in-depth file system analysis.
Show steps
  • Review NTFS file system structure
  • Familiarize yourself with the MFT and its attributes
Peer Practice: File System and Browser Forensics Case Study
Collaborate with peers on a file system and browser forensics case study to enhance understanding and problem-solving skills.
Show steps
  • Review case study materials
  • Discuss and analyze forensic artifacts
  • Present findings and conclusions
Tutorial: Windows File System and Browser Forensics with Volatility
Follow guided tutorials on Windows file system and browser forensics using Volatility to gain hands-on experience.
Browse courses on Windows Forensics
Show steps
  • Install and configure Volatility
  • Analyze NTFS file system with Volatility plugins
  • Analyze browser artifacts with Volatility plugins
Two other activities
Expand to see all activities and additional details
Show all five activities
Analyze Browser Artifacts in Jupyter Notebook
Practice identifying and analyzing browser artifacts using Jupyter Notebook to improve browser forensics skills.
Browse courses on Jupyter Notebook
Show steps
  • Set up Jupyter Notebook environment
  • Load and explore browser artifact data
  • Identify and analyze relevant artifacts
Project: Timeline Analysis Report
Create a comprehensive report on NTFS timeline analysis to demonstrate understanding of file system events and reconstruction.
Show steps
  • Gather and process NTFS timeline data
  • Analyze events and reconstruct timeline
  • Write a detailed report summarizing findings

Career center

Learners who complete Specialized DFIR: Windows File System and Browser Forensics will develop knowledge and skills that may be useful to these careers:
Information Security Auditor
An Information Security Auditor is responsible for conducting audits to assess an organization's cybersecurity posture. This course may be useful for Information Security Auditors because it provides foundational knowledge on how to analyze Windows file systems and browser artifacts, which are key skills for auditors who need to assess and evaluate cybersecurity controls.
See salaries and explore the career path for Information Security Auditor
Cybersecurity Consultant
A Cybersecurity Consultant provides cybersecurity advisory and consulting services to organizations. This course may be useful for Cybersecurity Consultants because it provides foundational knowledge on how to analyze Windows file systems and browser artifacts, which are key skills for consultants who need to assess and improve the cybersecurity posture of their clients.
See salaries and explore the career path for Cybersecurity Consultant
Chief Information Security Officer (CISO)
A Chief Information Security Officer (CISO) is responsible for overseeing an organization's cybersecurity strategy and operations. This course may be useful for CISOs because it provides foundational knowledge on how to analyze Windows file systems and browser artifacts, which are key skills for CISOs who need to understand and manage the cybersecurity risks facing their organizations.
See salaries and explore the career path for Chief Information Security Officer (CISO)
Cybersecurity Manager
A Cybersecurity Manager is responsible for managing an organization's cybersecurity program. This course may be useful for Cybersecurity Managers because it provides foundational knowledge on how to analyze Windows file systems and browser artifacts, which are key skills for managers who need to oversee and manage cybersecurity operations.
See salaries and explore the career path for Cybersecurity Manager
Security Researcher
A Security Researcher is responsible for conducting research to identify and exploit vulnerabilities in software and systems. This course may be useful for Security Researchers because it provides foundational knowledge on how to analyze Windows file systems and browser artifacts, which are key skills for researchers who need to identify and exploit vulnerabilities.
See salaries and explore the career path for Security Researcher
Information Security Analyst
An Information Security Analyst is responsible for analyzing and interpreting security data to identify and mitigate threats. This course may be useful for Information Security Analysts because it provides foundational knowledge on how to analyze Windows file systems and browser artifacts, which are key skills for analysts who need to investigate and remediate security incidents.
See salaries and explore the career path for Information Security Analyst
Forensic Analyst
A Forensic Analyst is responsible for collecting, analyzing, and interpreting digital evidence for use in legal proceedings. This course may be useful for Forensic Analysts because it provides foundational knowledge on how to analyze Windows file systems and browser artifacts, which are key skills for analysts who need to extract and analyze evidence from digital devices.
See salaries and explore the career path for Forensic Analyst
Cybersecurity Engineer
A Cybersecurity Engineer is responsible for designing, implementing, and maintaining cybersecurity systems and controls. This course may be useful for Cybersecurity Engineers because it provides foundational knowledge on how to analyze Windows file systems and browser artifacts, which are key skills for engineers who need to design and implement secure systems.
See salaries and explore the career path for Cybersecurity Engineer
Threat Intelligence Analyst
A Threat Intelligence Analyst is responsible for collecting and analyzing information about threats to an organization's security. This course may be useful for Threat Intelligence Analysts because it provides foundational knowledge on how to analyze Windows file systems and browser artifacts, which are key skills for analysts who need to identify and track threats.
See salaries and explore the career path for Threat Intelligence Analyst
Malware Analyst
A Malware Analyst is responsible for analyzing malware to identify its capabilities and behavior. This course may be useful for Malware Analysts because it provides foundational knowledge on how to analyze Windows file systems and browser artifacts, which are key skills for analysts who need to identify and mitigate malware threats.
See salaries and explore the career path for Malware Analyst
Digital Forensics Analyst
A Digital Forensics Analyst is responsible for identifying, preserving, recovering, examining, and analyzing digital evidence for use in criminal investigations or civil proceedings. This course may be useful for Digital Forensics Analysts because it provides foundational knowledge on how to analyze Windows file systems and browser artifacts, which are key skills for examiners who need to extract evidence from digital devices.
See salaries and explore the career path for Digital Forensics Analyst
Penetration Tester
A Penetration Tester is responsible for conducting authorized security assessments to identify vulnerabilities in an organization's network and systems. This course may be useful for Penetration Testers because it provides foundational knowledge on how to analyze Windows file systems and browser artifacts, which are key skills for testers who need to identify and exploit vulnerabilities.
See salaries and explore the career path for Penetration Tester
Computer Forensic Analyst
A Computer Forensic Analyst is responsible for collecting, analyzing, and interpreting digital evidence from computers and other electronic devices. This course may be useful for Computer Forensic Analysts because it provides foundational knowledge on how to analyze Windows file systems and browser artifacts, which are key skills for examiners who need to extract evidence from digital devices.
See salaries and explore the career path for Computer Forensic Analyst
Security Analyst
A Security Analyst is responsible for monitoring and analyzing security logs and alerts, and identifying and responding to security threats. This course may be useful for Security Analysts because it provides foundational knowledge on how to analyze Windows file systems and browser artifacts, which are key skills for analysts who need to investigate and remediate security incidents.
See salaries and explore the career path for Security Analyst
Incident Responder
An Incident Responder is responsible for responding to and investigating security incidents. This course may be useful for Incident Responders because it provides foundational knowledge on how to analyze Windows file systems and browser artifacts, which are key skills for responders who need to quickly identify and mitigate threats.
See salaries and explore the career path for Incident Responder

Reading list

We've selected seven books that we think will supplement your learning. Use these to develop background knowledge, enrich your coursework, and gain a deeper understanding of the topics covered in Specialized DFIR: Windows File System and Browser Forensics.
Cover image
Real Digital Forensics
Save
A classic book on file system forensics, providing in-depth coverage of NTFS, FAT, and other file systems.
Real Digital Forensics
Paperback
Check
Real Digital Forensics
Kindle Edition
Check
Cover image
Digital Forensics with Open Source Tools
Save
Provides an overview of open-source tools for digital forensics, including tools for file system and browser analysis.
Digital Forensics with Open Source Tools
Paperback
$$
Digital Forensics with Open Source Tools: Using...
Kindle Edition
$$
Cover image
Incident Response & Computer Forensics, 2nd Ed.
Save
Provides an overview of incident response and digital forensics, including techniques for file system and browser analysis.
Incident Response and Computer Forensics, Second...
Paperback
$$$
Cover image
Practical Malware Analysis
Save
Provides a comprehensive overview of malware analysis, including techniques for analyzing malware that targets the file system or browsers.
Practical Malware Analysis: The Hands-On Guide to...
Paperback
$$
Practical Malware Analysis: The Hands-On Guide to...
Kindle Edition
$$
Cover image
Forensic Science
Save
Provides a comprehensive overview of forensic science, including digital forensics and browser analysis.
Forensic Science
Paperback
Check
Forensic Science
Kindle Edition
Check
Cover image
The Art of Memory Forensics
Save
Provides an in-depth guide to memory forensics, including techniques for analyzing browser artifacts.
The Art of Memory Forensics: Detecting Malware and...
Paperback
$$$
Cover image
Rootkits
Save
Provides a detailed overview of rootkits, including techniques for detecting and analyzing rootkits that target the file system or browsers.
Rootkits: Subverting the Windows Kernel: Subverting...
Paperback
$$

Share

Help others find this course page by sharing it with your friends and followers:
Facebook
LinkedIn
Reddit
X
Link
Email

Similar courses

Here are nine courses similar to Specialized DFIR: Windows File System and Browser Forensics.
Specialized DFIR: Windows Event Log Forensics
Most relevant
Windows OS Forensics
Most relevant
Computer Forensics
Most relevant
Intermediate Computer Forensics
Most relevant
Specialized DFIR: Windows Registry Forensics
Most relevant
IFCI Expert Cybercrime Investigator's Course
Most relevant
Live Response and Forensics with PowerShell
Most relevant
Digital Forensics Essentials (DFE)
Most relevant
OS Analysis with Volatility
Most relevant
Course image
Time
54 hours
Level
Advanced
Via
Pluralsight
Instructor
Tyler Hudak
Language
English
Good to know
Develops core skills for forensic investigations, particularly in the analysis of Windows file systems and browser artifacts
Instructors have earned a reputation for their work in the field of digital forensics and incident response (DFIR)
Builds a strong foundation for learners new to DFIR or wanting to strengthen their existing foundation
Covers unique perspectives and ideas that may add color to other topics and subjects in the DFIR field
Requires learners to come in with extensive background knowledge; not for complete beginners
Share and help others discover this course.
Facebook LinkedIn X Reddit Link Email
Don't miss out
Enroll today to gain access to this course
Enroll in this course
Our mission

OpenCourser helps millions of learners each year. People visit us to learn workspace skills, ace their exams, and nurture their curiosity.

Our extensive catalog contains over 50,000 courses and twice as many books. Browse by search, by topic, or even by career interests. We'll match you to the right resources quickly.

Find this site helpful? Tell a friend about us.

Affiliate disclosure

We're supported by our community of learners. When you purchase or subscribe to courses and programs or purchase books, we may earn a commission from our partners.

Your purchases help us maintain our catalog and keep our servers humming without ads.

Thank you for supporting OpenCourser.

© 2016 - 2024 OpenCourser