Mastering Windows Forensics
Learn to uncover evidence of security incidents in Windows systems. Whether you're looking to learn new skills, master new tools, or fine-tune your threat detection capabilities, this course can help.
🎯 Get strategies for understanding attack vectors, improving forensic investigations, and crafting robust Windows endpoint defenses.
Course Outline 📋
🔎 Windows Search Artifacts
Uncovering search histories and patterns.
💾 NTFS Structures
Navigating the NT File System for forensic insights.
🖥️ Disk Imaging
Techniques for creating accurate replicas of storage devices.
🧠 Memory Dumps
Capturing RAM contents for forensic evidence.
⚡ Windows Prefetch
Understanding application use and execution.
🔌 Hardware-Related Artifacts
Identifying physical device use and connections.
🗑️ The Recycle Bin
Recovering deleted files and understanding deletion patterns.
📊 Log Analysis
Leveraging Windows logs for forensic evidence.
📝 Windows Logging
Deep dive into logging mechanisms.
🌐 Internet Browser Artifacts
Tracking online activities and histories.
📈 SRUM Database
Analyzing system resource usage for forensic clues.
🚨 Identifying Suspicious Files and Settings
Techniques for detecting malware and intrusions.
🏢 Active Directory and its Database
Exploring user and device behaviors in networked environments.
🗂️ Windows Registry Analysis
Deciphering registry entries for user actions and system configurations.
👤 User Profile Analysis
Investigating user profiles for personalization and usage patterns.
🛡️ Managing Digital Forensics and Incident Response
Best practices for efficient and effective analysis.
💻 Online and Offline Analysis
Approaches for analyzing systems in different states.
📚 Case Studies and Real-world Scenarios
Applying knowledge to practical situations.
Pricing Options 💰
Course Access Only 📚
$399 one-time payment

Access to a course with a carefully curated collection of crucial topics that will elevate your expertise in cybersecurity, explicitly focusing on mastering Windows Forensics.
Includes:
- Access to 20 mini-lessons on Windows Forensics (3.5 hours+ of materials)
- Lifetime access to all the recordings and future updates
Course + Membership Access 👥
$999 one-time payment

Access to material that matters for those who want to be smarter about Microsoft Security, level up their cybersecurity skills, and accelerate their careers.
Includes:
- Everything in Course Access
- 2 live sessions per month from Grzegorz and guest speakers (access to recordings from all previous sessions)
- Access to Mastering Windows Internals Course (9 hours of videos & handy notes)
- Lifetime access to the community of 200+ cybersecurity professionals
Who is Mastering Windows Forensics For 🎯
🚀 You're ready to delve deeper
but unsure of the most effective path to advance your knowledge.
🏆 You have extensive experience in cybersecurity
but you feel like you've hit a plateau.
💪 You're eager to tackle more complex challenges
but the landscape of Windows Forensics seems vast and overwhelming.
📖 You want to upskill
but the thought of self-guided learning feels too daunting and unstructured.
⭐ You want to stand out in your field
but are unsure how to elevate your expertise beyond the norm.
🔧 Perhaps you're already a seasoned professional
but you feel like you're not progressing at the pace you anticipated.
🎯 Maybe you're a penetration tester, a security researcher, or a system administrator
and you're ready for the next step, but you need suitable materials to guide you.
Curated by Grzegorz Tworek 👨‍💻
Microsoft MVP, Security Fanatic, personified Windows Defender. Member of Microsoft Security Trusted Advisors and the Microsoft Springboard Technical Experts Panel.
Led the Windows Team in the NATO Cooperative Cyber Defence Centre of Excellence's Locked Shields exercises in 2021, 2022, and 2023.
He also has a contribution in the GitHub Archive Program's Arctic Code Vault and has been nominated as a Microsoft Most Valuable Professional for 17 consecutive years, starting from 2007.
Trusted by Professionals 🤝
Tomasz Onyszko
CTO of Predica, Microsoft Regional Director (former 14-time MVP)
"In his unique way, Grzegorz knows how to convey his deep knowledge in real-world use cases and scenarios. Learning with him and tapping into his way of thinking is a one-of-a-kind learning experience."
John Hammond
Cybersecurity Researcher, Educator
"The way Greg (Grzegorz) presents topics is truly engaging and fascinating. His knowledge is of high quality and top-notch. If you want to dive deeper into Microsoft Security, learning from him is a must."
Piotr Więcek
Freelance Offensive Security Specialist
"Grzegorz is a recognized expert in the field of Windows, excelling at simplifying complex topics for easy understanding. The materials he presented during the sessions helped me improve my skills as a penetration tester."