Nuix Workstation® Forensic Practitioner Windows

Date: TBA

Price: $3000 per person

Location: Instructor Led, Fyshwick ACT (subject to COVID-19)


The Nuix Workstation Forensic Practitioner Windows is a two-day certification course designed for the seasoned investigator looking to advance their understanding of the Microsoft Windows operating system. This course is best suited for individuals who have a thorough understanding of digital forensic investigations. During the Nuix Workstation Forensic Practitioner Windows course, participants will:

 

  • Learn to identify, analyse and report on common artifacts of user activity on Microsoft Windows systems
  • Examine how Windows stores information in the Windows Registry, the recycle bin, recent items, user directories and system folders in all versions of Windows
  • Take a detailed look at email, including how to identify, sort, search, and deduplicate
  • Learn how browsers store history, cookies and cache files
  • Understand how the operating system uses link files, prefetch files and metadata that can be forensically useful

MODULE 1: COURSE INTRODUCTION & PRODUCT OVERVIEW

  • Class Introductions
  • Class Objectives
  • Overview of Nuix Technology
  • Nuix Support

MODULE 2: METADATA

  • Overview of Metadata
  • Metadata Types in Nuix Workstation
  • Filter and Search Metadata
  • Date and Time Metadata
  • Image Metadata
  • MS and Open Office Document Metadata
  • Derived Metadata Fields
  • Custom Metadata Fields

MODULE 3: FILE & SECURITY SYSTEMS

  • Disks, Partitions & File Systems
  • The Baseline PC Boot Process
  • Reparse Points & Symbolic Links
  • Windows File System & Partition Structure
  • Windows Security & Identity Foundations

MODULE 4: RECOVERING DATA

  • Understanding Data Deletion
  • The Recycle Bin
  • Unallocated Space
  • Slack Space
  • Windows 10 Recycle Bin
  • Windows XP Recycle Bin
  • Recovering Unallocated and Slack Space

MODULE 5: EVENT LOGS

  • What are Windows Event Logs and How are They Formatted?
  • Windows 10 Event Logs
  • Windows XP Event Logs

MODULE 6: REGISTRY BASICS

  • Registry Overview
  • Understanding the NT Registry Files
  • Understanding Forensic Usefulness of Browser Data
  • Processing the Registry
  • Reviewing Useful SAM, System & Software
  • Registry Artifacts

MODULE 7: LINK & JUMP FILES

  • Overview of Windows Shortcuts
  • Link Files & Jump Lists
  • Distributed Link Tracking Service
  • File System Artifacts
  • Processing Link Files in Nuix
  • Windows 8 Immersive App Link Files

MODULE 8: BROWSERS

  • The Most Popular Browsers
  • Examining Cached Data, User Settings & History
  • Processing Browser Data in Nuix

MODULE 9: PREFETCH & SUPERFETCH

  • Overview of PreFetch and SuperFetch
  • Settings & Configuration
  • Prefetch Files
  • Layout.ini Files
  • Examining Specific Event Types

MODULE 10: VISUALIZING DATA USING CONTEXT

  • Context Tab
  • Analysis Graph

 

Students will be enrolled in the Nuix Workstation Forensic Practitioner Windows exam. Passing the Nuix Workstation Forensic Practitioner Windows exam is a requisite for the Nuix Forensic Practitioner Master Certification.