Cyber Workforce Platform

A security analyst will likely be asked some time in his or her career to conduct a forensic analysis of a Windows workstation or server. In this lab the student will learn about forensic artifacts commonly found on Windows computers. Forensic artifacts are traces of user activity left behind on a computer even after the user logs out or the computer is shut down.

In this lab, students will investigate a suspected data breach by an employee of an organization. They will be given a disk image of the employee’s Windows workstation. They will learn where to look for forensic artifacts and the use of tools such as Autopsy®, Registry Editor, RegRipper, LECmd, JumpList Explorer, RecentFileCacheParser, PECmd, and ShellBags Explorer to extract information from these artifacts.



Basic cyber forensics knowledge and best practices are recommended, as is familiarity with the Windows command prompt.

Expected Duration

2 hours, self-paced. Pause and continue at any time.
2 CPEs awarded on successful completion.

Cyber Workforce Platform

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Donec sed finibus nisi, sed dictum eros.
Copyright © 2024 Divi. All Rights Reserved.