Nuix Investigations (5-6 August 2021)

Date: 5-6 August 2021

Price: $3100 per person

Location: Virtual Instructor Led and/or Classroom, Fyshwick ACT (pending COVID-19 Restrictions)



NUIX Windows Investigations Training Course

Nuix Windows Investigation training is aimed at advanced Nuix users who want to get the most out of their investment.

Nuix Windows Investigations is a two-day classroom-based training course designed for investigators with previous experience in the Nuix Investigator tool. It covers advanced techniques for using Nuix Investigator and third-party utilities to identify, analyze and report on common artifacts of user activity on Microsoft Windows systems. This training course will examine how Windows stores information in the Windows Registry, the recycle bin, recent items, user directories and system folders in all versions of Windows. It will include a detailed look at email, including how to identify, sort, search and deduplicate. Students will learn how browsers store history, cookies and cache files, and how the operating system uses link files, prefetch files, and metadata that can be forensically useful.

PREREQUISITES: To obtain the maximum benefit from this course, participants should meet the following requirements: be able to perform basic operations on a personal computer, be familiar with Microsoft Windows environments, have at least 6 months’ experience in forensic investigations, and have attended the Nuix Foundations – Investigations & Response training course.



Module W01: Metadata

  • Metadata overview
  • File system and MS Word metadata
  • Image EXIF data
  • Searching metadata in Nuix
  • Chain of Custody

Module W02: File & Security Systems

  • Disks, partitions & File systems
  • The baseline PC boot process
  • Reparse points & Symbolic links
  • Windows File system & partition structure
  • Windows Security & identity foundations

Module W03: Recovering Data

  • Unallocated & Slack space
  • Windows Recycle bin
  • Data recovery
  • Carving with Nuix

Module W04: Event Logs

  • Windows Event log formats
  • Default log views
  • Processing logs into Nuix
  • Searching and filtering log entries
  • Examining specific event types
  • Overview of XP logs

Module W05: Registry Basics

  • Registry overview
  • Understanding the NT registry files
  • Understanding forensic usefulness of browser data
  • Processing the registry
    o Smart processing
  • Reviewing commonly useful SAM, system & software registry artifacts

Module W06: Link & Jump Files

  • Overview of Windows shortcuts
  • Link files & jump lists
  • Distributed link tracking service
  • File system artifacts
  • Processing Link files in Nuix
  • Windows 8 immersive app link files

Module W07: Emails

  • Email mailbox processing
  • Metadata profiles for email
  • Identifying & handling attachments
  • Sorting emails, threads & duplicates
  • Cluster Runs
  • Email visualizing and reporting

Module W08: Browsers

  • The Main Browsers
    o IE, Firefox & Chrome
  • Examining cached data, User Settings & History
  • Processing browser data in Nuix
  • Searching & filtering browser data

Module W09: Prefetch & Superfetch

  • Overview of PreFetch and SuperFetch
  • Settings & Configuration
  • Prefetch files
  • Layout.INI files