201: Practical Windows Forensics DIY Edition

Price
$129.00

In the 201 Practical Windows Forensics DIY Edition you build your own lab, prepare resources, and conduct a comprehensive Windows forensic investigation. It includes lifetime access to course materials.

Practical Windows Forensics (PWF) is a self-paced course that teaches how to perform a complete digital forensic investigation of a Windows system. Students will become familiar with the forensic process and a wealth of important Windows forensic artifacts, and will learn how to use many industry-recognized, freely available tools to perform a comprehensive forensic analysis, turning data into evidence.

  • 11 hours of guided video content
  • 80+ videos on-demand
  • 100% hands-on
  • Access for the lifetime of the course
  • Learn to use the most important forensic tools in the industry
  • Course support materials are public on our GitHub
  • FREE Practical Windows Forensics Cheat Sheet

Countless Testimonials! Over 3000 students!

Course Description

The course covers how to perform a full digital forensic investigation of a Windows system. It begins with the simple preparation of our lab, which consists of setting up a “victim” VM and a forensic workstation. We’ll then run an attack simulation script (the open-source PWF Attack script) on the victim VM. The script simulates attack patterns commonly observed from threat actors in the industry, creating a realistic setting for our investigation. From there, we’ll kick off the forensic process, beginning with data collection, examination and extraction before diving deeper into the analysis of the information at hand.

The data analysis section consists of a comprehensive investigation, including various tools and many different forensic artifacts with which every analyst should be familiar. We will not only analyze artifacts, but also discuss their behavior to learn when, why and how to interpret the data contained within these artifacts. The analysis begins with Windows disk and memory artifacts and ends with the analysis of the timelines generated from both.

This course also covers many important artifacts and concepts relating to Windows forensic analysis. We’ll use several freely available tools for the analysis that are well known and recognized in the industry. The student will leave the course with a comprehensive understanding of the forensic process, important Windows artifacts and forensic tools and a forensic workstation available and ready to go for future investigations.



Markus Schober

Course Instructor

Markus has an extensive background in the Digital Forensics and Incident Response field. Throughout his career, he has led numerous real-world cyber response cases and acquired valuable experience that he is enthusiastic about sharing with colleagues, clients, and students.


If you are not sure, you can also enroll in the free Practical Windows Forensics Preview course to enjoy several lessons for free!


FAQs:

This is a self-study course that you can take on-demand, at your own pace. There are about 11 hours of hands-on video content.

This course has received stellar reviews from students and seasoned professionals alike. It is easy to follow but dives deep into the digital forensic domain, also showing advanced techniques for performing a comprehensive forensic investigation.

It’s recommended to have:

  • Basic IT knowledge and familiarity with Windows operating systems and virtualization.
  • Basic knowledge of command line utilities (Windows CMD, PowerShell, Ubuntu).

Yes, upon completion of the course, your certificate of completion will automatically show up on the course page!

No, you will have to build a basic course lab offline. During the course you will learn step by step how to create two Windows VMs: one VM to run the attack script, which will be the system to investigate throughout the course, and another VM to build a forensic workstation with tools to analyze forensic artifacts. They do not need to run at the same time!

If you are interested in an online-only version, check out Practical Windows Forensics with labs.

Minimum: 4 GB RAM and 60 GB storage. Ideally: 8 GB RAM, 2+ CPUs and 150 GB storage (specifically for the last section, “Super timelines”).

We will be using VirtualBox as the hypervisor of choice throughout the course. However, it is easily possible to use VMware products as well.

You will have access for the entire lifetime of the course.

Due to the nature of digital goods, we generally do not offer refunds or exchanges. Once a digital product or service is purchased and delivered, it is considered consumed and cannot be returned. However, we understand that exceptions may arise, and we will evaluate refund requests on a case-by-case basis.

Yes! Please join our lively community on our Discord server for chat and questions. Link: https://discord.gg/WKsaGE2CV3

Bonus: Forensic Cheat Sheet

Download the Practical Windows Forensics Cheat Sheet PDF for free to guide your investigations!


Average Review Score:
★★★★★
