TRAININGS
Professional & dedicated training programs
Why Come?
This hands-on course is designed for examiners with solid computer skills, seeking to learn advanced concepts in analysing Windows artifacts.
Course Components
Main components of the course:
• Examination of the Microsoft Windows Registry
• The use of block-based file hash analysis for file recovery
• Examination of Volume Shadow Copy (VSC) data maintained by the Windows Volume Shadow Service (VSS)
• Examination and recovery of Windows event logs
• Hardware and software RAID technology, acquisition, and examination
• Understanding SQLite databases and querying their data
• Recovering deleted SQLite data
• The purpose and function of prefetch files and how to analyse them
• Principles of encrypted data recovery
• Various techniques on the examination of RAM
• Low-level data recovery from Zip files and the latest version of Microsoft Word documents
Course requirements
A basic understanding of the concepts of computer forensics is required. The class curriculum builds upon the foundation of the course DF320-Building an Investigation.
Certification
All participants will receive official certification from Magnet Forensics after successfully completing the course.
Cost Requirements
As AX250 is an advanced course we recommend to do the Magnet Axiom AX200 course first. AX200 provides a deep understanding of AXIOM and helps the students to concentrate on the mobile part of the investigations in AX250.
Qualifications attained
- Know advanced concepts for the analysis of Windows artifacts
- Know the parsing and analysing techniques for Registry files, Volume Shadow Service, RAM, zip files, prefetch and SQLite contents.
Request quote
Here you have the opportunity to register for the current training. Or contact us for more information.