In the 201 Practical Windows Forensics DIY Edition you build your own lab, prepare resources, and conduct a comprehensive Windows forensic investigation. It includes lifetime access to course materials.
The Practical Windows Forensics (PWF) is a self-paced course that teaches how to perform a complete digital forensic investigation of a Windows system. Students will become familiar with the forensic process, a wealth of important Windows forensic artifacts as well as learn how to use many industry-recognized and freely available tools to perform a comprehensive forensic analysis, turning data into evidence.
- 11 hours of guided video content
- 80+ videos on-demand
- 100% hands-on
- Access for the lifetime of the course
- Learn to use the most important forensic tools in the industry
- Course support materials are public on our Github
- FREE Practical Windows Forensics Cheat Sheet
Countless Testimonials! Over 3000 students!
the field. One thing that sets Practical Windows Forensics apart from other courses on the subject is the level of detail provided.
Schober does an excellent job of explaining the various tools and techniques used in forensic analysis and provides clear and thorough explanations of how each tool works and can be used to gather evidence. In addition to the technical details, the course provides a wealth of practical advice and best practices for conducting forensic analyses, including tips on properly documenting and reporting findings.
Overall, Practical Windows Forensics is a must-have for anyone interested in forensic analysis or looking to expand their knowledge in the field. It's an excellent resource that I highly recommend to anyone looking to learn more about the subject.
last night finished up the PWF course (started a few days ago). To be honest I struggled in school with forensics because I found it boring and hard to follow. This PWF course was great though. Lab set up was easy, instructions were clear. I didn't feel like I need to speed up or slow down the videos.
I felt like the content built on one another. The course felt like it stepped through everything appropriately and then provided a summarization and closure. I have a good understanding of the material and want to continue forensicating stuff.
I only have positive things to say and will be recommending it to others for sure.
Course goes through a handful of tools and techniques and provides a good overview on the process of Windows forensics. Throughout the course I felt like the instructor highlighted things you will want to do more research on as well as links to the material.
Overall 10/10. This was an amazing intro to Windows forensics.
Just wanted to stop by and say that I'm working through your PWF-course and it's absolutely fantastic! 👌
I can see the completion percentage increasing and even though I'm only past a third of the content I'm already feeling sad that it's going to come to an end some day.
That's a feeling I don't get a lot when doing these kinds of courses.
Hope you have a fantastic day and thank you for the amazing content you've produced.
I wish I had this course when we were going through that! I think this course is just as valuable for pentesters as it is for DFIR folks. Thanks very much for putting this together!
Course Description
The course covers how to perform a full digital forensic investigation of a Windows system. It begins with the simple preparation of our lab, which consists of setting up a “victim” VM and a forensic workstation. We’ll then run an attack simulation script (open-source PWF Attack script) on the victim VM that simulates attack patterns as commonly observed by threat actors in the industry to create a realistic setting for our investigation. From there, we’ll kick off the forensic process, beginning with the data collection, examination and extraction before diving deeper into the analysis of the information at hand.
The data analysis section consists of a comprehensive investigation, including various tools and many different forensic artifacts with which every analyst should be familiar. We will not only analyze artifacts, but also discuss their behavior to learn when, why and how to interpret the data contained within these artifacts. The analysis begins with Windows disk and memory artifacts and ends with the analysis of the timelines generated from both.
This course also covers many important artifacts and concepts relating to Windows forensic analysis. We’ll use several freely available tools for the analysis that are well known and recognized in the industry. The student will leave the course with a comprehensive understanding of the forensic process, important Windows artifacts and forensic tools and a forensic workstation available and ready to go for future investigations.
Markus Schober
Course Instructor
Markus has an extensive background in the Digital Forensics and Incident Response field. Throughout his career, he has led numerous real-world cyber response cases and acquired valuable experience that he is enthusiastic about sharing with colleagues, clients, and students.
If you are not sure, you can also enroll in the free Practical Windows Forensics Preview course to enjoy several lessons for free!
FAQs:
This is a self-study course that you can take on-demand, at your own pace. There are about 11 hours of hands-on video content.
This course has received stellar reviews by students as well as seasoned professionals alike. It is easy to follow, but dives deep into the digital forensic domain showing also advanced techniques to perform a comprehensive forensic investigation.
It’s recommended to have:
- Basic IT knowledge and familiarity with Windows operating systems and virtualization.
- Basic knowledge of command line utilities (Windows CMD, PowerShell, Ubuntu).
Yes, upon completion of the course, your certificate of completion will automatically show up on the course page!
No, you will have to build a basic course lab offline. During the course you will step by step learn how to create two Windows VMs. One VM to run the attack script, which will be the system to investigate throughout the course. Another VM to build a forensic workstation with tools to analyze forensic artifacts. They do not need to run at the same time!
If interested in an online version only, check out the Practical Windows Forensics with labs.
Min. 4GB RAM and 60 GB storage; Ideally, 8GB RAM, 2+ CPUs and 150GB storage (specifically for the last section “Super timelines”)
We will be using VirtualBox as the hypervisor of choice throughout the course. However, it is easily possible to use VMware products as well.
You will have access for the entire lifetime of the course.
Due to the nature of digital goods, we generally do not offer refunds or exchanges. Once a digital product or service is purchased and delivered, it is considered consumed and cannot be returned. However, we understand that exceptions may arise, and we will evaluate refund requests on a case-by-case basis.
Yes! Please contact us directly.
Yes! Please join our lively community on our Discord server for chat and questions alike. Link: https://discord.gg/WKsaGE2CV3
Bonus: Forensic Cheat Sheet
Download the Practical Windows Forensics Cheat Sheet PDF for free to guide your investigations!
Course Content
- Course materials are public and available on our Github repository.
- BONUS: Download the Practical Windows Forensics Cheat Sheet PDF for free to guide your investigations!
- Earn your Certificate of Completion!