SDF: Shimcache Forensics
SDF: Shimcache Forensics
Genre: eLearning | MP4 | Video: h264, 1280x720 | Audio: aac, 44100 Hz
Language: English | VTT | Size: 987 MB | Duration: 1.5 hours
Genre: eLearning | MP4 | Video: h264, 1280x720 | Audio: aac, 44100 Hz
Language: English | VTT | Size: 987 MB | Duration: 1.5 hours
Learn how an analyze Windows Shimcache evidence
What you'll learn
Understand the Shimcache artifact
Be able to explain Shimcache evidence
Learn the user behaviors that affect the artifact
Know how to validate Shimcache evidence
Learn how to interpret artifact results
Learn how to use freely available tools to extract in parse the artifact
Requirements
Windows 8 or Windows 10 system (Windows 10 recommended)
All in-class forensic programs are freely available and download links provided
Student testing and validation material provided
Description
Welcome to the Surviving Digital Forensics series. This class is focused on helping you become a better computer forensic examiner by understanding how to use Windows Shimcache data to prove file use and knowledge - all in about one hour.
As with previous SDF classes you will learn by doing. The class begins with Windows Shimcache fundamentals and will provide an understanding of how the artifact works. Then students delve into several validation exercises to observe how user driven activity affects Windows Shimcache evidence. The last section teaches students how to use freely available DFIR community built forensic tools to examine Shimcache evidence. By the end of the class students will have a solid understanding of how to use the Windows Shimcache as evidence, understand the types of user behaviors that affect the Shimcache and know how to use Windows Shimcache forensic tools.
Expert and novice computer forensic examiners alike will gain from this class. Since we are doing it the SDF way we are going to teach you real computer forensic skills that you can apply using our method or with any forensic tool you choose. Therefore you are not just going to learn about the Windows Shimcache but you will learn a method you can use to answer questions that may come up in the future.
A PC running Windows 8 or Windows 10 is required for this course. The forensic tools we use are all freely available, so beyond your laptop and operating system all you need is the desire to become a better computer forensic examiner.
Who this course is for
Computer forensic analysts
IT professionals
Security analysts
Students