Forensics Analysis

Course Description

This course offers an in-depth exploration of Windows operating system internals, focusing on advanced debugging techniques, system architecture, memory management, and security features. Designed for professionals and advanced learners with a solid foundation in operating systems and programming, the course will provide practical insights into the complexities of Windows’ core components and how they interact to ensure system stability, performance, and security.

Course Format: 10 days, or 5 days if you’ve taken the security class with us or have equivalent prior knowledge

Target Audience

This course is intended for software developers, system administrators, security professionals, and advanced learners who seek to deepen their understanding of Windows internals and improve their debugging and system analysis skills.

Course Outline

  • WinDbg Scripting & NatVis
  • Hidden Processes
  • Registry Carving
  • Shared Memory Forensics
  • Cached File Forensics

WinDbg Primer

Debugging, Kernel debugger for local and remote debugging, Symbol setup, Legacy commands and Extensions

Debugger Data Model and LINQ

WinDbg’s debugger data model and NatVis, debugger variables, synthetic methods, LINQ, debugger namespace, special debugger capabilities

JavaScript

Integration with WinDbg, Imperative and extension scripts