The Windows Registry Forensics course shows you how to examine the live registry, the location of the registry files on the forensic image, and how to extract files.
제공자:
컴퓨터 포렌식스 특화 과정정보 보안이 강좌에 대하여
최근 조회 5,625회
유연한 마감일
일정에 따라 마감일을 재설정합니다.
공유 가능한 수료증
완료 시 수료증 획득
100% 온라인
지금 바로 시작해 나만의 일정에 따라 학습을 진행하세요.
다음 특화 과정의 3개 강좌 중 3번째 강좌:
중급 단계
완료하는 데 약 8시간 필요
영어
자막: 영어
유연한 마감일
일정에 따라 마감일을 재설정합니다.
공유 가능한 수료증
완료 시 수료증 획득
100% 온라인
지금 바로 시작해 나만의 일정에 따라 학습을 진행하세요.
다음 특화 과정의 3개 강좌 중 3번째 강좌:
중급 단계
완료하는 데 약 8시간 필요
영어
자막: 영어
제공자:
정보 보안
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. Learn more at infosecinstitute.com.
강의 계획표 - 이 강좌에서 배울 내용
완료하는 데 16분 필요
Introduction to the Windows Registry
Discover what the Windows Registry is and why it is important in digital forensic investigations. This module will explore the location and structure of the registry hives in a live and non-live environment, as well as the types of forensic evidence found in the Windows Registry. This will include: user account information, system-wide and user-specific settings, file access, program installation and execution, search terms, auto-start locations and devices attached to the system.
완료하는 데 16분 필요
2개 동영상 (총 16분)
완료하는 데 1시간 필요
Preparing to Examine the Windows Registry
Learn how to set up a forensic workstation to properly examine the Windows Registry. This module takes a look at the location of the Registry files within the Windows OS and the many tools freely available to view the file structure and artifacts contained within the Windows Registry. It includes instruction on the installation, proper use and validation of your forensic software, showing how to get the most out of your automated tools while maintaining an understanding of what the tool is doing behind the scenes.
완료하는 데 1시간 필요
4개 동영상 (총 57분)
완료하는 데 2시간 필요
NTUser.Dat Hive File Analysis
This module demonstrates an in-depth analysis of the artifacts contained within the NTUser.Dat hive file. This module will show examiners how to locate programs and applications, mounted volumes and connected devices specific to a user, user search terms and typed URLs. Examiners will also be able to locate and identify opened and saved files, typed URLs, user-specific programs set to run at startup and application installation and execution. Examiners will be able to locate, examine and interpret MRU lists (Most Recently Used), UserAssist, user system settings and recently used files.
완료하는 데 2시간 필요
9개 동영상 (총 136분)
완료하는 데 1시간 필요
SAM Hive File
This module explains forensic artifacts found in the SAM (Security Account Manager) file, which stores and organizes information about each user on a system. This module demonstrates how to identify each user account on a local machine using the relative identifier. Examiners can also learn to interpret username information including the users’ login dates, times and login count. The module will show how to identify the machine that the user account was created on, by interpreting a users’ SIDs (machine/domain identifiers) and recovering user password hashes.
완료하는 데 1시간 필요
5개 동영상 (총 50분)
컴퓨터 포렌식스 특화 과정 정보
This three part InfoSec Specialization covers a wide variety of Computer Forensics topics. In the Digital Forensics Concepts course, you will learn about legal considerations applicable to computer forensics and how to identify, collect and preserve digital evidence. This course dives into the scientific principles relating to digital forensics and gives you a close look at on-scene triaging, keyword lists, grep, file hashing, report writing and the profession of digital forensic examination. The Windows Registry Forensics course shows you how to examine the live registry, the location of the registry files on the forensic image, and how to extract files. Finally, the Windows OS Forensics course covers windows file systems, Fat32, ExFat, and NTFS. You will learn how these systems store data, what happens when a file gets written to disc, what happens when a file gets deleted from disc, and how to recover deleted files. You will also learn how to correctly interpret the information in the file system data structures, giving the student a better understanding of how these file systems work. This knowledge will enable you to validate the information from multiple forensic tools properly.
자주 묻는 질문
강의 및 과제를 언제 이용할 수 있게 되나요?
이 전문 분야를 구독하면 무엇을 이용할 수 있나요?
재정 지원을 받을 수 있나요?
궁금한 점이 더 있으신가요? 학습자 도움말 센터를 방문해 보세요.
