Windows Forensics with Belkasoft

This course is designed for digital forensics investigators who deal with Windows computers in their work. It offers an opportunity to enhance your knowledge and gain hands-on experience in discovering and analyzing Windows artifacts.

Enroll

What's inside?

How to review common Windows file systems, and which file system features might be useful in a DFIR investigation
How to examine Windows applications, such as chats, browsers, and mail clients
How to inspect media files and documents, and utilize media-specific analysis options such as text recognition and keyframe extraction
How to identify and analyze forensically important Windows system files, such as registry files, event logs, LNK files
How to get more evidence from a Windows data source by using carving, RAM analysis, and other advanced forensic techniques

Course curriculum

1. Course Participation Agreement
1. 1.1. Welcome and introduction
2. 1.1.1. Course glossary
3. 1.1.2. Tips and tricks
4. 1.2. Download the course data
5. 1.3. Install or update Belkasoft Evidence Center X
6. 1.3.1. Troubleshooting
7. 1.4. Getting started with Belkasoft X
8. 1.5. Create a new case
9. 1.6. Course data
10. 1.7. Add and analyze the data sources
11. 1.7.1. Open the pre-configured case (optional)
1. 2.1. Overview
2. 2.2. Data storage organization
3. 2.3. FAT file systems
4. 2.4. FAT forensics
5. 2.5. BelkaQUIZ (4 questions)
6. 2.6. NTFS file system
7. 2.7. MFT
8. 2.8. Alternate data streams
9. 2.9. Data recovery in NTFS
10. 2.10. BelkaQUIZ (6 questions)
11. 2.11. Belkasoft File System window
12. 2.12. Device properties
13. 2.13. Filtering data in the File System
14. 2.14. Advanced filters in the File System
15. 2.15. BelkaLAB: advanced filters (3 tasks)
16. 2.16. Hashset analysis in Belkasoft X
17. 2.17. BelkaQUIZ (4 questions)
18. 2.18. BelkaLAB: file system (4 tasks)
1. 3.1. Introduction
2. 3.2 Artifacts in Belkasoft X (video)
3. 3.3. Artifacts in Belkasoft X (text)
4. 3.4. Learn to use mini-timeline, global, and local filters (video)
5. 3.5. How to search in Belkasoft X
6. 3.5.1. Search tips
7. 3.6. BelkaQUIZ (5 questions)
1. 4.1. Introduction
2. 4.2. Browsing apps
3. 4.3. Chrome browser forensics
4. 4.4. BelkaQUIZ: browsing history (4 questions)
5. 4.5. BelkaLAB: browsing history (3 tasks)
6. 4.6. Email forensics
7. 4.7. BelkaQUIZ: email forensics (3 questions)
8. 4.9. BelkaLAB: email forensic (3 tasks)
1. 5.1. Introduction
2. 5.2. Audio forensics
3. 5.3. Picture forensics
4. 5.4. Video forensics
5. 5.5. Analyzing videos with multiple video streams
6. 5.6. BelkaLAB: media (4 tasks)
7. 5.7. BelkaQUIZ: media forensics (6 questions)
1. 6.1. Introduction
2. 6.2. Analyzing document metadata
3. 6.3. Embedded media analysis and OCR
4. 6.4. Reviewing documents
5. 6.5. BelkaQUIZ: documents (4 questions)
6. 6.6. BelkaLAB: documents (3 tasks)
1. 7.1. Introduction
2. 7.2. Windows registry in a nutshell
3. 7.2.1. Forensic artifacts in the Windows registry
4. 7.2.2. UserAssist
5. 7.3. BelkaQUIZ (3 questions)
6. 7.4. BelkaLAB: registry artifacts (4 tasks)
7. 7.5. LNK files
8. 7.6. Jump Lists
9. 7.7. Windows 10 Timeline
10. 7.7.1. Windows 10 Timeline forensics with Belkasoft X
11. 7.8. Prefetch files
12. 7.9. Analysing prefetch files with Belkasoft X
13. 7.10. BelkaQUIZ: system files (6 questions)
14. 7.11. BelkaLAB: system files (7 tasks)
15. 7.12. Event logs
16. 7.13. BelkaQUIZ: event logs (4 questions)
17. 7.14. BelkaLAB: event logs (3 tasks)
1. 8.1. Introduction
2. 8.2. Carving and its implementation in digital forensics
3. 8.3. Сarving features in Belkasoft X
4. 8.4. BelkaQUIZ: carving (2 questions)
5. 8.5. Analysis of Recycle Bin
6. 8.6. Volume Shadow Copies
7. 8.7. BelkaQUIZ: Volume Shadow Copies (3 questions)
8. 8.8. Page file and hibernation file analysis
9. 8.9. Overcoming encryption
10. 8.10. BelkaQUIZ: overcoming encryption (5 questions)
11. 8.11. BelkaLAB (4 tasks)
1. 9.1. Introduction
2. 9.2. BelkaLAB: practical case (14 tasks)
1. Final test. For the champions only!
2. Final test: the second attempt (optional)
3. Let's wrap up!