Event Dates
–
Eastern
Location
St. Paul, MN
Address
Minnesota Bureau of Criminal Apprehension
1430 Maryland Avenue East, BCA Building, 2nd Floor
St. Paul, MN
This course covers the identification and extraction of artifacts associated with the Microsoft® Windows® operating system. Topics include the change journal, BitLocker® , and a detailed examination of the various artifacts found in each of the Registry hive files. Students also examine Event Logs, Volume Shadow Copies, link files, and jump lists. This course uses a mixture of lecture, discussion, demonstration, and hands-on exercises.
Key concepts covered in this course include:
- The registry
- Shellbags
- Mounted devices
- Change journal
- Prefetch
Excel Office 365 recommended, versions 2010 and newer will be functional.
Date Created: August 11, 2022