Minnesota Bureau of Criminal Apprehension
1430 Maryland Avenue East, BCA Building, 2nd Floor
St. Paul, MN
This course covers the identification and extraction of artifacts associated with the Microsoft® Windows® operating system. Topics include the change journal, BitLocker®, and a detailed examination of the various artifacts found in each of the Registry hive files. Students also examine Event Logs, Volume Shadow Copies, link files, and jump lists. This course uses a mixture of lecture, discussion, demonstration, and hands-on exercises.
Key concepts covered in this course include:
- The registry
- Shellbags
- Mounted devices
- Change journal
- Prefetch
Excel Office 365 is recommended; versions 2010 and newer will be functional.