Cybercrime investigation for Windows-based computers

  • Date: 18/5/2017
  • Time: 8:00 AM - 4:00 PM
  • IT Professionals
  • Information Security Professionals
  • IT Auditors
  • Incident Response Team Members
  • Experienced Digital Forensic Analysts
  • Red Team Members, Penetration Testers, and Exploit Developers
  • Law enforcement officers, federal agents, or detectives
  • Forensics Investigators
  • Computer security incident response
  • Collecting and documenting evidence
  • Investigation of different types of digital evidence
  • Data recovery
  • Preventing computer security incidents or minimizing the risk of them

Part 1. Computer forensics of Windows operating system

  • Developing incident handling capabilities
  • Recommended tools and methods for collecting evidence
  • Collecting and documenting evidence
  • Creating copies of data from different sources
  • Collecting volatile data: memory, traffic, and live data from a running computer
  • Computer forensics fundamentals
  • Prerequisites for successful cybercrime investigation
  • Collecting evidence in Windows operating system
  • Recommended Windows tools for forensic data duplication
  • Windows artifacts
  • Investigation of network connections and creating a timeline
  • Investigation of an internet banking fraud incident
  • Practical classes
Part 2. Memory forensics

  • Memory structure depending on the architecture
  • Analysis of Windows memory dumps
  • Analysis of Linux memory dumps
  • Malware in memory dumps
  • Forensic artifacts from a memory dump
  • Practical classes
Part 3. Network Forensics

  • Computer network topologies, protocol stacks, hardware types, and types of network addressing
  • Forensic analysis of network protocols: HTTP, FTP
  • Methods of creating traffic copies depending on the device
  • Forensic reconstruction of data flows in traffic dumps
  • Practical classes
Part 4. Practical independent investigation