The class contains demos that will be walked through and explained using one piece of evidence followed by mini labs where you will use the same concepts learned in the demo on mock incident data looking for items of interest. Classes follow the general Cyber Fire Foundry schedule, starting in the morning, ending in the afternoon with a break in the morning, a lunch break, and an afternoon break.
This class is geared toward anybody wishing to learn more about forensic
artifacts from Windows systems, how Windows operates internally, and common
file systems. This includes incident responders, security operations center
staff, red teamers, penetration testers, computer technicians looking to
start in forensics, and more.