Overview

​

This class will take students through multiple labs designed to teach them key Windows forensics skills.

 

Unlike other courses, students start with the labs and learn by doing. Participants work through several exercises where they analyze various aspects of Microsoft Windows using computer forensics on one or more compromised systems.

 

Each lab starts with a brief introduction, followed by the lab itself. After an allotted time has passed, the techniques used to analyze the system and answer the questions will be discussed.

 

Sample skills utilized in the labs include analyzing logs, the file system, the registry, and memory. In addition to the class labs, students will be given additional labs to perform independently and at their own pace. This course is designed for those with different Windows forensics skill levels - from beginners to experts, so there will be challenges for everyone. However, the labs chosen will be tailored to the overall skill level of the class.

​

Course Requirements

​

• Students should bring a laptop with one VMs:

  • One Windows VM (Windows 10 or above)

  • A second forensic VM is optional (https://tsurugi-linux.org/ or https://www.sans.org/tools/sift-workstation/ are good)

• VM software should be able to take snapshots.

• All other materials will be supplied.

​

​

Instructor Bios

Steven Erwin
Steven has over 11 years experience in networking and security and over five years in Incident Response. His industry experience ranges from steel mills and healthcare to small offices and electrical control systems.

​

EDUCATION & CERTIFICATIONS

• BS – Information Security Technology – Purdue University

• GIAC Network Forensic Analyst (GNFA)

• GIAC Certified Forensic Analyst (GCFA)

PROFESSIONAL AFFILIATIONS

• GIAC Advisory Board

​

PASSION FOR SECURITY
Steven has always had an interest in computers. He started his career as a network engineer then transitioned into a network security role. That role drove him to learn as much as possible about security. Making sure to learn from everyone around him, he understands that security requires continuous education and training.

​

Olivia Cate
Olivia is a highly skilled and dedicated professional on the Incident Response Team at TrustedSec. With a background in cybersecurity and a passion for mitigating threats, she works closely with clients to respond to security incidents and provide actionable recommendations to enhance incident detection, response, and recovery capabilities.

​

EDUCATION & CERTIFICATIONS

• Associates of Science in Cybersecurity & Computer Forensics, Stark State

PROFESSIONAL AFFILIATIONS

• WiCYS (Women in Cybersecurity)

​

PASSION FOR SECURITY
Olivia has always had a strong interest in STEM with a heavy focus in Chemistry, Forensics, and Technology. Cybersecurity is the perfect field to combine her interests and investigative intrigue. She is always eager to solve the puzzle and increase her knowledge of the ever-expanding information technology field.

 

​