FOR500 Windows Forensic Analysis
Focused View
20:20:17
80 View
- 1. Welcome to Your SANS OnDemand Course
- 1.mp400:01
- 2.mp400:01
- 3.mp400:01
- 4.mp400:01
- 5.mp400:01
- 6.mp400:01
- 7.mp400:01
- 8.mp410:36
- 2. Introduction to Lab Exercises
- 1.mp400:01
- 2.mp400:01
- 3.mp400:01
- 4.mp400:01
- 5.mp400:01
- 6.mp400:01
- 7.mp400:01
- 8.mp400:01
- 9.mp400:01
- 1. Welcome to Windows Forensic Analysis For500
- 1.mp400:01
- 2.mp405:10
- 3.mp401:28
- 4.mp406:11
- 5.mp400:01
- 2. The Donald Blake Case
- 1.mp401:15
- 2.mp400:01
- 3.mp400:57
- 4.mp400:38
- 5.mp408:02
- 6.mp400:42
- 7.mp400:23
- 8.mp400:29
- 3. Core Windows Forensics Focus on Analysis
- 1.mp404:06
- 2.mp401:38
- 3.mp408:29
- 4.mp405:03
- 5.mp403:14
- 4. Memory and Triage Acquisition
- 1.mp403:12
- 2.mp412:42
- 3.mp402:32
- 4.mp400:28
- 5.mp400:50
- 6.mp405:10
- 7.mp404:12
- 8.mp401:29
- 9.mp400:51
- 10.mp403:14
- 11.mp400:32
- 12.mp400:07
- 13.mp402:04
- 14.mp404:00
- 15.mp401:06
- 16.mp401:05
- 17.mp403:00
- 18.mp400:01
- 19.mp406:31
- 20.mp400:59
- 21.mp401:31
- 22.mp400:23
- 23.mp401:31
- 5. Mounting Disk Images
- 1.mp401:12
- 2.mp400:41
- 3.mp400:32
- 4.mp401:33
- 5.mp400:27
- 6.mp400:29
- 7.mp403:55
- 8.mp411:54
- 9.mp407:14
- 10.mp404:29
- 11.mp400:11
- 6. Filesystem Overview
- 1.mp401:06
- 2.mp400:01
- 3.mp407:12
- 4.mp402:02
- 5.mp415:11
- 6.mp400:25
- 7.mp400:53
- 8.mp400:30
- 9.mp406:58
- 10.mp405:43
- 11.mp406:43
- 12.mp400:24
- 13.mp400:37
- 14.mp400:34
- 15.mp411:14
- 7. Advanced Acquisition
- 1.mp401:16
- 2.mp400:07
- 3.mp401:00
- 4.mp407:21
- 5.mp405:36
- 8. Data Stream Carving
- 1.mp404:13
- 2.mp400:01
- 3.mp400:40
- 4.mp402:09
- 5.mp400:38
- 6.mp408:56
- 7.mp400:25
- 8.mp417:46
- 9.mp400:01
- 9. File Metadata
- 1.mp401:29
- 2.mp400:38
- 3.mp400:52
- 4.mp400:37
- 5.mp400:13
- 10. File Carving
- 1.mp402:53
- 2.mp400:01
- 3.mp400:36
- 4.mp401:25
- 5.mp400:08
- 6.mp401:19
- 7.mp406:56
- 8.mp400:01
- 9.mp400:01
- 11. Quiz
- 1.mp400:01
- 12. Student Course Evaluation Section 1
- 1.mp400:01
- 1. Registry Forensics
- 1.mp402:14
- 2.mp400:01
- 3.mp400:01
- 4.mp402:41
- 5.mp402:00
- 6.mp401:04
- 7.mp410:57
- 8.mp401:41
- 9.mp405:01
- 10.mp400:52
- 11.mp400:19
- 12.mp400:21
- 13.mp406:02
- 14.mp402:49
- 15.mp403:21
- 16.mp400:40
- 17.mp401:38
- 2. Registry Forensic Analysis
- 1.mp401:19
- 2.mp401:28
- 3.mp406:53
- 4.mp400:09
- 5.mp405:15
- 6.mp401:28
- 7.mp400:52
- 3. Collecting User Information
- 1.mp401:12
- 2.mp402:04
- 3.mp400:07
- 4.mp401:16
- 5.mp403:18
- 6.mp400:01
- 7.mp412:23
- 4. Examining System Configuration
- 1.mp402:40
- 2.mp400:52
- 3.mp400:14
- 4.mp403:39
- 5.mp402:34
- 6.mp400:09
- 7.mp402:02
- 8.mp400:20
- 9.mp402:03
- 10.mp400:28
- 11.mp400:37
- 12.mp400:21
- 13.mp402:35
- 14.mp402:16
- 15.mp400:43
- 16.mp400:17
- 17.mp400:01
- 18.mp400:41
- 19.mp401:45
- 20.mp408:23
- 21.mp400:13
- 22.mp400:36
- 23.mp400:18
- 24.mp400:47
- 25.mp400:11
- 26.mp400:08
- 27.mp400:22
- 28.mp400:09
- 29.mp400:14
- 30.mp414:15
- 5. Analyzing User and Program Execution Activity
- 1.mp404:17
- 2.mp404:20
- 3.mp403:27
- 4.mp404:40
- 5.mp415:07
- 6.mp402:19
- 7.mp400:34
- 8.mp406:43
- 9.mp403:38
- 10.mp400:08
- 11.mp401:02
- 12.mp402:52
- 13.mp405:15
- 14.mp401:32
- 15.mp402:51
- 16.mp400:01
- 6. Analyzing Program Execution Activity
- 1.mp400:01
- 2.mp402:23
- 3.mp401:46
- 4.mp401:13
- 5.mp407:26
- 6.mp412:44
- 7.mp400:10
- 8.mp402:10
- 9.mp407:29
- 10.mp400:26
- 11.mp400:50
- 12.mp401:36
- 13.mp400:17
- 14.mp400:35
- 15.mp401:20
- 16.mp401:20
- 17.mp400:01
- 18.mp400:07
- 19.mp432:51
- 20.mp400:01
- 21.mp400:01
- 7. Quiz
- 1.mp400:01
- 8. Student Course Evaluation Section 2
- 1.mp400:01
- 1. Core Windows Forensics II USB Devices and Shell Items Introduction
- 1.mp400:01
- 2.mp400:01
- 3.mp400:01
- 4.mp401:23
- 5.mp403:53
- 2. Shell Item Analysis
- 1.mp400:01
- 2.mp401:03
- 3.mp405:52
- 4.mp401:03
- 5.mp400:41
- 6.mp415:48
- 7.mp401:57
- 8.mp400:22
- 9.mp400:43
- 10.mp401:40
- 11.mp400:08
- 12.mp400:27
- 13.mp409:05
- 14.mp401:34
- 15.mp435:11
- 16.mp402:11
- 17.mp401:20
- 18.mp400:44
- 19.mp401:07
- 20.mp400:30
- 21.mp400:29
- 22.mp408:49
- 23.mp400:20
- 24.mp403:58
- 25.mp400:01
- 26.mp408:58
- 27.mp400:08
- 28.mp400:45
- 29.mp400:17
- 30.mp401:06
- 31.mp403:27
- 32.mp405:57
- 33.mp400:58
- 34.mp406:47
- 35.mp400:01
- 36.mp401:51
- 37.mp406:56
- 38.mp400:21
- 39.mp401:25
- 40.mp400:33
- 41.mp400:16
- 42.mp421:27
- 43.mp400:14
- 44.mp401:00
- 45.mp403:02
- 3. Analyzing USB Devices
- 1.mp400:01
- 2.mp402:58
- 3.mp403:11
- 4.mp400:42
- 5.mp400:36
- 6.mp401:20
- 7.mp402:06
- 8.mp400:57
- 9.mp401:20
- 10.mp400:12
- 11.mp400:39
- 12.mp404:14
- 13.mp401:13
- 14.mp402:12
- 15.mp403:23
- 16.mp400:22
- 17.mp401:13
- 18.mp401:54
- 19.mp401:44
- 20.mp400:42
- 21.mp403:37
- 22.mp400:21
- 23.mp401:55
- 24.mp400:20
- 25.mp400:26
- 26.mp400:32
- 27.mp401:00
- 28.mp401:36
- 29.mp400:23
- 30.mp400:01
- 31.mp400:01
- 32.mp400:01
- 33.mp401:26
- 34.mp400:37
- 35.mp400:07
- 36.mp400:46
- 37.mp400:54
- 38.mp400:08
- 39.mp401:15
- 40.mp400:01
- 41.mp400:01
- 42.mp400:01
- 43.mp430:17
- 44.mp400:19
- 4. Quiz
- 1.mp400:01
- 5. Student Course Evaluation Section 3
- 1.mp400:01
- 1. Email Forensics
- 1.mp400:01
- 2.mp405:27
- 3.mp400:01
- 4.mp408:04
- 5.mp401:35
- 6.mp407:19
- 7.mp400:55
- 8.mp411:04
- 9.mp402:18
- 10.mp403:25
- 11.mp403:00
- 12.mp400:10
- 13.mp400:18
- 14.mp400:32
- 15.mp400:52
- 16.mp400:35
- 17.mp402:17
- 18.mp400:37
- 19.mp400:26
- 20.mp400:27
- 21.mp400:24
- 22.mp400:28
- 23.mp400:29
- 24.mp401:47
- 25.mp401:08
- 26.mp404:48
- 27.mp400:12
- 28.mp400:39
- 29.mp401:36
- 30.mp400:37
- 31.mp400:21
- 32.mp401:26
- 33.mp404:28
- 34.mp400:05
- 35.mp400:33
- 36.mp400:35
- 37.mp401:00
- 38.mp400:06
- 39.mp400:24
- 40.mp400:43
- 41.mp400:27
- 42.mp401:52
- 43.mp405:12
- 44.mp400:01
- 2. Additional Artifacts
- 1.mp400:01
- 2.mp400:01
- 3.mp400:16
- 4.mp400:47
- 5.mp402:07
- 6.mp401:29
- 7.mp401:42
- 8.mp409:00
- 9.mp401:14
- 10.mp401:03
- 11.mp400:12
- 12.mp401:39
- 13.mp400:56
- 14.mp401:29
- 15.mp401:05
- 16.mp400:48
- 17.mp401:32
- 18.mp400:33
- 19.mp400:01
- 20.mp400:01
- 21.mp400:01
- 22.mp400:01
- 23.mp402:03
- 24.mp405:05
- 25.mp400:55
- 26.mp414:23
- 27.mp400:21
- 28.mp400:01
- 29.mp400:18
- 30.mp400:12
- 31.mp404:54
- 32.mp410:27
- 33.mp400:01
- 34.mp400:01
- 35.mp403:35
- 36.mp402:26
- 37.mp401:10
- 38.mp400:24
- 39.mp402:37
- 40.mp400:01
- 41.mp401:14
- 42.mp400:04
- 43.mp400:32
- 44.mp400:34
- 45.mp400:21
- 46.mp400:28
- 47.mp400:26
- 48.mp415:32
- 49.mp400:20
- 50.mp400:22
- 51.mp401:04
- 52.mp401:07
- 53.mp400:01
- 3. Event Log Analysis
- 1.mp400:01
- 2.mp403:30
- 3.mp400:42
- 4.mp400:15
- 5.mp400:55
- 6.mp400:49
- 7.mp401:35
- 8.mp406:13
- 9.mp401:02
- 10.mp400:51
- 11.mp403:36
- 12.mp400:34
- 13.mp400:32
- 14.mp400:01
- 15.mp400:32
- 16.mp400:19
- 17.mp400:14
- 18.mp401:27
- 19.mp400:27
- 20.mp403:29
- 21.mp400:13
- 22.mp403:20
- 23.mp400:29
- 24.mp400:11
- 25.mp400:53
- 26.mp400:37
- 27.mp400:33
- 28.mp403:14
- 29.mp401:57
- 30.mp400:38
- 31.mp400:35
- 32.mp401:05
- 33.mp400:40
- 34.mp400:05
- 35.mp400:36
- 36.mp400:32
- 37.mp400:01
- 38.mp400:01
- 39.mp403:57
- 40.mp400:01
- 41.mp400:01
- 42.mp400:01
- 43.mp400:01
- 4. Quiz
- 1.mp400:01
- 5. Student Course Evaluation Section 4
- 1.mp400:01
- 1. Core Windows Forensics IVInternet Browers Introduction
- 1.mp400:01
- 2.mp400:01
- 3.mp400:01
- 2. Brief Intro to 508
- 1.mp400:01
- 2.mp400:01
- 3.mp400:01
- 3. Internet Browser Forensics
- 1.mp400:43
- 2.mp403:44
- 3.mp401:20
- 4.mp402:30
- 5.mp404:50
- 4. Internet Explorer Overview
- 1.mp401:13
- 2.mp401:11
- 3.mp404:43
- 4.mp400:43
- 5.mp400:18
- 6.mp400:04
- 7.mp400:28
- 8.mp400:17
- 9.mp407:33
- 10.mp410:10
- 11.mp400:54
- 12.mp402:25
- 13.mp402:18
- 14.mp400:05
- 15.mp400:26
- 16.mp400:15
- 17.mp400:14
- 18.mp417:31
- 19.mp400:05
- 20.mp400:23
- 21.mp400:18
- 22.mp400:30
- 23.mp400:14
- 24.mp403:13
- 25.mp401:37
- 26.mp400:26
- 27.mp400:04
- 28.mp400:56
- 29.mp401:03
- 30.mp400:05
- 31.mp400:28
- 32.mp401:34
- 33.mp401:28
- 34.mp400:30
- 35.mp401:19
- 36.mp400:30
- 37.mp400:35
- 38.mp400:31
- 39.mp400:46
- 40.mp402:35
- 41.mp400:36
- 42.mp400:31
- 43.mp401:06
- 44.mp401:00
- 45.mp400:48
- 46.mp401:44
- 47.mp400:35
- 48.mp400:01
- 49.mp400:04
- 50.mp413:16
- 51.mp401:22
- 5. Edge Overview
- 1.mp401:08
- 2.mp400:23
- 3.mp400:28
- 4.mp400:38
- 5.mp400:30
- 6.mp400:41
- 7.mp405:41
- 6. Firefox Overview
- 1.mp401:48
- 2.mp400:01
- 3.mp402:11
- 4.mp400:48
- 5.mp400:31
- 6.mp402:29
- 7.mp401:03
- 8.mp400:46
- 9.mp400:27
- 10.mp400:26
- 11.mp402:06
- 12.mp400:20
- 13.mp400:20
- 14.mp400:13
- 15.mp403:52
- 16.mp400:48
- 17.mp400:47
- 18.mp401:40
- 19.mp400:47
- 20.mp400:50
- 21.mp400:28
- 22.mp403:01
- 23.mp400:34
- 24.mp400:23
- 25.mp401:06
- 26.mp400:48
- 27.mp400:53
- 28.mp400:47
- 29.mp400:43
- 30.mp400:50
- 31.mp401:41
- 32.mp405:32
- 33.mp400:14
- 34.mp400:54
- 35.mp400:01
- 36.mp401:38
- 7. Chrome Overview
- 1.mp401:36
- 2.mp409:57
- 3.mp402:34
- 4.mp400:55
- 5.mp400:25
- 6.mp400:31
- 7.mp401:25
- 8.mp400:23
- 9.mp400:54
- 10.mp401:04
- 11.mp400:45
- 12.mp400:18
- 13.mp404:05
- 14.mp400:25
- 15.mp400:31
- 16.mp400:31
- 17.mp400:30
- 18.mp400:54
- 19.mp400:26
- 20.mp401:31
- 21.mp400:21
- 22.mp400:34
- 23.mp400:47
- 24.mp401:13
- 25.mp400:30
- 26.mp408:13
- 27.mp400:56
- 28.mp400:24
- 29.mp400:43
- 8. Private Browsing
- 1.mp400:42
- 2.mp401:14
- 3.mp400:36
- 4.mp400:35
- 5.mp400:32
- 6.mp400:33
- 7.mp400:35
- 8.mp400:28
- 9.mp400:46
- 10.mp401:28
- 11.mp401:41
- 12.mp400:59
- 13.mp400:58
- 14.mp400:10
- 15.mp400:12
- 16.mp400:16
- 17.mp400:01
- 18.mp400:01
- 19.mp401:29
- 9. Quiz
- 1.mp400:01
- 10. Student Course Evaluation Section 5
- 1.mp400:01
- 1. The Forensic Challenge HandsOn Case Study
- 1.mp404:02
- 2.mp400:01
- 3.mp400:01
- 4.mp400:01
- 5.mp400:01
- 6.mp400:01
- 2. Student Course Evaluation Section 6
- 1.mp400:01
More details
User Reviews
Rating
average 0
Focused display
Sans
View courses SansThe SANS Institute is a private U.S. for-profit company founded in 1989 that specializes in information security, cybersecurity training, and selling certificates. Topics available for training include cyber and network defenses, penetration testing, incident response, digital forensics, and auditing.
- language english
- Training sessions 614
- duration 20:20:17
- Release Date 2023/06/16
