ICAC-WinArt Class List
ICAC-Cybercop 315 - Windows Artifacts
This course is funded through OJJDP. To register for this class, you must be affiliated with an ICAC Task Force. Furthermore, you must agree to comply with the Best Practices and Standards established by ICAC. If you have any questions about the ICAC Best Practices and Standards, please contact your ICAC commander.
This 4 1/2 day course introduces the student to the identification and extraction of artifacts associated with Windows operating systems (XP through Windows 8.1) and the NT file system with an emphasis on the forensic value of these artifacts. Topical areas include named data streams, reparse points, encrypted objects, and a detailed examination of the various artifacts found in each of the registry hive files. Students will also examine event logs, volume shadow copies, link files, and
PREREQUISITES: This course requires that the student have previous training in Cybercop 101 - BDRA and Cybercop 201 - IDRA, or the equivalent, and experience drawn from applying the techniques used in these classes.
There are currently no scheduled classes for this course. If you are interested in knowing when the next class might be offered, or would like more information in general, please see the training contact information on this page.