An official website of the United States government, Department of Justice.

Advanced Digital Forensic Analysis: Windows

Event Dates
St. Paul, MN

Minnesota Bureau of Criminal Apprehension
1430 Maryland Avenue East, BCA Building, 2nd Floor
St. Paul, MN

This course covers the identification and extraction of artifacts associated with the Microsoft® Windows® operating system. Topics include the change journal, BitLocker®, and a detailed examination of the various artifacts found in each of the Registry hive files. Students also examine Event Logs, Volume Shadow Copies, link files, and jump lists. This course uses a mixture of lecture, discussion, demonstration, and hands-on exercises.

Key concepts covered in this course include:

  • The registry
  • Shellbags
  • Mounted devices
  • Change journal
  • Prefetch 

Excel Office 365 is recommended; versions 2010 and newer will be functional.

Date Created: August 11, 2022