Windows Forensics Investigation (WFI)

Course Title:

Windows Forensics Investigation (WFI)

Course Duration:

12 Weeks – 2 Hours a Day, 5 Days a Week

Course Objectives:

The course is designed to provide the fundamental skills needed to conduct forensic investigations on the Windows operating system. It covers the concepts and techniques required to collect evidence from a Windows environment.

Course Contents:

  1. Windows Forensics
    • Collecting Volatile Information
    • Collecting Non-Volatile Information
    • Windows Memory Analysis
    • Windows Registry Analysis
    • Cache, Cookie and History Analysis
    • MD5 Calculation
    • Windows Files Analysis
    • Metadata Investigation
    • Text Based Logs
    • Other Audit Events
    • Forensic Analysis of Event Logs
    • Windows Password Issues
    • Forensics Tools
  2. Forensics Investigation Using AccessData FTK
    • Overview and Installation of FTK
    • FTK Case Manager User Interface
    • FTK Examiner User Interface
    • Starting with FTK
    • FTK Interface Tabs
    • Adding and Processing Static, Live and Remote Evidence
    • Using and Managing Filters
    • Using Index Search and Live Search
    • Decrypting EFS and Other Encryption Files
    • Working with Reports
  3. Investigative Reports
    • Computer Forensics Reports
    • Computer Forensics Reports Template
    • Investigative Report Writing
    • Sample Forensics Report
    • Report Writing Tools
  4. Becoming an Expert Witness
    • Expert Witness
    • Types of Expert Witness
    • Scope of Expert Witness Testimony
    • Evidence Processing
    • Rules for Expert Witness
    • General Ethics While Testifying

    Student Learning Outcome

    Upon successful completion of the course, graduates will understand: the process of investigating cyber crime, the laws involved, and the details of obtaining a search warrant; the different types of digital evidence, the rules of evidence, and the digital evidence examination process; electronic crime and digital evidence considerations by crime category; the roles of the first responder and the first responder toolkit; securing and evaluating an electronic crime scene; conducting preliminary interviews; documenting the electronic crime scene; collecting and preserving electronic evidence; packaging and transporting electronic evidence; reporting the crime scene; and Windows forensics investigation.

    Target Group:

    Forensics Analysts, Penetration Testers, Auditors, Law Enforcement Personnel, Defence and Military Personnel, Legal Professionals, Bankers, Security Professionals, Managers, Operational Personnel who have security as their primary job function, IT Engineers and Supervisors, Administrators, and anyone who is concerned about the integrity of the network infrastructure.

    Admission Requirements:

    Individuals attending this course must have a strong foundation in Information and Network Security. For those who are brand new to the field with no background knowledge, the Certificate in Information and Network Security (CINS) is the recommended starting point.

    Course Fee

    Tsh. 620,000/=

    Group Arrangement:

    TZS 85,000 per hour for a group of 10-20 people
    Duration: 15 days; 8 hours a day
