Investigating Windows Endpoints
Welcome and Introduction
Welcome and Introduction
Initial Setup
Initial Setup
Windows Event Logs
Fundamentals
In-depth Analysis
Tools and Best Practices
The Registry
Fundamentals
NTUSER.DAT
UsrClass.dat and ShellBags
USB Forensics, Networks, and More
Scalable Analysis
Evidence of Execution
Introduction
Prefetch
Shimcache/AppCompatCache
AmCache
PCA
MUICache
UserAssist
SRUM
Persistence, Privilege Escalation, and Lateral Movement
Services and Scheduled Tasks
LSASS, NTDS.dit, WDigest
SMB, RDP, WMI, PsExec, UAL
Anatomy of NTFS
Introduction
Metafiles, MFT, Journaling, ADS
MACB Timestamps
Parsing the MFT and USN Journal
$I30 Index Attributes
File Deletion and Recovery
The Recycle Bin
"Permanent" Deletion
File Carving with PhotoRec
LNK Files and Jump Lists
LNK Files
Jump Lists
Timelining
The Sleuth Kit (TSK) fls and mactime
Plaso/Log2Timeline
MFTECmd
Additional Content
Web Browser Forensics
Thumbs.db and Thumbcache
Windows Activity Timeline
Windows Search Index
Trouble at ACME
Knowledge Assessment
Knowledge Assessment
Persistence, Privilege Escalation, and Lateral Movement
3 Lessons
Services and Scheduled Tasks
LSASS, NTDS.dit, WDigest
SMB, RDP, WMI, PsExec, UAL