Nuix Workstation® Forensic Practitioner Windows



     

    Nuix Workstation® Forensic Practitioner Windows

     

    The Nuix Workstation Forensic Practitioner Windows is a two-day certification course designed for the seasoned investigator looking to deepen their understanding of the Microsoft Windows operating system. This course is best suited for individuals who have a thorough understanding of digital forensic investigations. During the Nuix Workstation Forensic Practitioner Windows course, participants will:

     

    • Learn to identify, analyse and report on common artifacts of user activity on Microsoft Windows systems
    • Examine how Windows stores information in the Windows Registry, the recycle bin, recent items, user directories and system folders in all versions of Windows
    • Take a detailed look at email, including how to identify, sort, search, and deduplicate it
    • Learn how browsers store history, cookies and cache files
    • Understand how the operating system uses link files, prefetch files and metadata that can be forensically useful

    MODULE 1: COURSE INTRODUCTION & PRODUCT OVERVIEW

    • Class Introductions
    • Class Objectives
    • Overview of Nuix Technology
    • Nuix Support

    MODULE 2: METADATA

    • Overview of Metadata
    • Metadata Types in Nuix Workstation
    • Filter and Search Metadata
    • Date and Time Metadata
    • Image Metadata
    • MS and Open Office Document Metadata
    • Derived Metadata Fields
    • Custom Metadata Fields

    MODULE 3: FILE & SECURITY SYSTEMS

    • Disks, Partitions & File Systems
    • The Baseline PC Boot Process
    • Reparse Points & Symbolic Links
    • Windows File System & Partition Structure
    • Windows Security & Identity Foundations

    MODULE 4: RECOVERING DATA

    • Understanding Data Deletion
    • The Recycle Bin
    • Unallocated Space
    • Slack Space
    • Windows 10 Recycle Bin
    • Windows XP Recycle Bin
    • Recovering Unallocated and Slack Space

    MODULE 5: EVENT LOGS

    • What are Windows Event Logs and How are They Formatted?
    • Windows 10 Event Logs
    • Windows XP Event Logs

    MODULE 6: REGISTRY BASICS

    • Registry Overview
    • Understanding the NT Registry Files
    • Understanding Forensic Usefulness of Browser Data
    • Processing the Registry
    • Reviewing Useful SAM, System & Software Registry Artifacts

    MODULE 7: LINK & JUMP FILES

    • Overview of Windows Shortcuts
    • Link Files & Jump Lists
    • Distributed Link Tracking Service
    • File System Artifacts
    • Processing Link Files in Nuix
    • Windows 8 Immersive App Link Files

    MODULE 8: BROWSERS

    • The Most Popular Browsers
    • Examining Cached Data, User Settings & History
    • Processing Browser Data in Nuix

    MODULE 9: PREFETCH & SUPERFETCH

    • Overview of PreFetch and SuperFetch
    • Settings & Configuration
    • Prefetch Files
    • Layout.ini Files
    • Examining Specific Event Types

    MODULE 10: VISUALIZING DATA USING CONTEXT

    • Context Tab
    • Analysis Graph

     

    Students will be enrolled in the Nuix Workstation Forensic Practitioner Windows exam. Passing the Nuix Workstation Forensic Practitioner Windows exam is a requisite for the Nuix Forensic Practitioner Master Certification.