Twitter Linked In

Windows 8 Forensics
Sorry there are currently no sessions scheduled for Windows 8 Forensics.
Please let us know you are interested in this course.

Fulcrum Training Vendors
Windows 8 Forensics

This advanced three-day course provides the knowledge and skills necessary to analyze the New Microsoft Windows 8 operating system artifacts, user data and file system mechanics in Storage Spaces using the Forensic Toolkit (FTK), FTK Imager and Registry Viewer. During this three-day workshop, participants will review Windows 8 features, learn of artifact locations for Internet Explorer and Immersive Application cache data, describe the new File History service and artifact processing. Students will also review Windows 8 artifacts such as Virtual Hard Disks, Storage Pools and updated NTFS structures finishing with an overview of core registry files and new values of forensic interest pertaining to user activity on a Windows 8 system. 


To obtain the maximum benefit from this course, you should meet the following requirements: Able to understand course curriculum presented in English

Attendance at the AccessData Forensic BootCamp or equivalent experience with FTK, FTK Imager, and Registry Viewer.
Familiarity with Windows NT file system (NTFS) mechanics
Familiarity with the Microsoft Windows environment and Windows forensic analysis

Basic knowledge of computer forensic investigations and acquisition procedures Knowledge of Microsoft Windows environment. 

Class Materials and Software:

You will receive the associated materials prior to the course.

During this three-day course, participants will review the following:

Windows 8 File Structure Changes
o Folder Structures
o PageFile and SwapFile functions o ToGo feature
o BitLocker updates
o Cloud integration overview
o Thumbnail caching
o PC Refresh options

GUID partition table schema
Immersive applications and their associated artifacts Internet Explorer 10 and 11 forensic analysis
File History and System Restore Points
Storage Options

o Storage Spaces

o VHDx format
Windows 8 Registry structure and artifacts 

Windows 8 Forensics
Sorry - there are no sessions available to book.
Contact us
Australia:+61 (0)2 8012 9810
Singapore:+65 9297 1289
Customer Service:
Technical Support:
Training Bookings:
Register For the Fulcrum Newsletter HERE

© Fulcrum Management 2012
Verification Code:
Verification Code: