X

Enroll your team

I agree to provide AO Kaspersky Lab, 39A/3 Leningradskoe Shosse Moscow, 125212 Russian Federation (“AO Kaspersky Lab”) with the following information about me (First Name, Last Name, email) order to allow AO Kaspersky Lab to contact me to participate in surveys and to send me information via email about Kaspersky Lab's products and services including personalized promotional offers and premium assets like white papers, webcasts, videos, events and other marketing materials. I confirm that I have been provided with this Privacy Policy for Web Sites. I understand that my consent is optional and I can withdraw this consent at any time via e-mail by clicking the “unsubscribe” link that I find at the bottom of any e-mail sent to me for the purposes mentioned above”. Web privacy policy https://www.kaspersky.com/web-privacy-policy

X

Register

I agree to provide AO Kaspersky Lab, 39A/3 Leningradskoe Shosse Moscow, 125212 Russian Federation (“AO Kaspersky Lab”) with the following information about me (First Name, Last Name, email) order to allow AO Kaspersky Lab to contact me to participate in surveys and to send me information via email about Kaspersky Lab's products and services including personalized promotional offers and premium assets like white papers, webcasts, videos, events and other marketing materials. I confirm that I have been provided with this Privacy Policy for Web Sites. I understand that my consent is optional and I can withdraw this consent at any time via e-mail by clicking the “unsubscribe” link that I find at the bottom of any e-mail sent to me for the purposes mentioned above”. Web privacy policy https://www.kaspersky.com/web-privacy-policy

X

Request Access

I agree to provide AO Kaspersky Lab, 39A/3 Leningradskoe Shosse Moscow, 125212 Russian Federation (“AO Kaspersky Lab”) with the following information about me (First Name, Last Name, email) order to allow AO Kaspersky Lab to contact me to participate in surveys and to send me information via email about Kaspersky Lab's products and services including personalized promotional offers and premium assets like white papers, webcasts, videos, events and other marketing materials. I confirm that I have been provided with this Privacy Policy for Web Sites. I understand that my consent is optional and I can withdraw this consent at any time via e-mail by clicking the “unsubscribe” link that I find at the bottom of any e-mail sent to me for the purposes mentioned above”. Web privacy policy https://www.kaspersky.com/web-privacy-policy

X

Pre-register

I agree to provide AO Kaspersky Lab, 39A/3 Leningradskoe Shosse Moscow, 125212 Russian Federation (“AO Kaspersky Lab”) with the following information about me (First Name, Last Name, email) order to allow AO Kaspersky Lab to contact me to participate in surveys and to send me information via email about Kaspersky Lab's products and services including personalized promotional offers and premium assets like white papers, webcasts, videos, events and other marketing materials. I confirm that I have been provided with this Privacy Policy for Web Sites. I understand that my consent is optional and I can withdraw this consent at any time via e-mail by clicking the “unsubscribe” link that I find at the bottom of any e-mail sent to me for the purposes mentioned above”. Web privacy policy https://www.kaspersky.com/web-privacy-policy

Windows digital forensics

Built for Tier 2 Analysts

Intermediate

$1,400 inc. tax per learner

Intermediate

$1,400 inc. tax per learner

Enroll my team
Request demo access

Background

Incident specialists, emergency response services, and digital forensics researchers are all united by in-depth knowledge in the field of digital forensics. To become a part of this community, you can turn to our Windows Digital Forensics course, which is designed specifically to provide you with the necessary knowledge and practical experience, drawing upon the extensive experience of experts from the Kaspersky Global Emergency Response Team (GERT).

Our high-level expert in the field of digital forensics, Ayman Shaaban, will introduce you to some important areas, including basic technical concepts and definitions, and explain the incident response, and how digital forensics is part of the process.

He will also demonstrate the analysis of various Windows artifacts with all the necessary tools gathered in one place — in your virtual environment. You will also be able to apply technical analysis yourself in a simulated active compromised directory to detect malicious traces of cyber attack. 

Our course emphasizes practical application, mirroring real-world scenarios to provide participants with a comprehensive understanding of incident response, allowing participants to gain invaluable insights and hands-on experience. By the end, you’ll be proficient in incident scoping, evidence acquisition, log file analysis, network analysis, creation of Indicators of Compromise (IoCs), and memory forensics. Armed with this knowledge, you’ll be better equipped to detect and mitigate threats swiftly, minimizing their impact and containing the damage effectively.

Ayman Shaaban
(@Ayman
Shaaban)

Digital Forensics and Incident Response Group Manager

Ayman joined Kaspersky in 2014 as a security researcher and member of GERT. Currently, Ayman works as DFIR manager in GERT. He started his cyber security career in 2009, where he participated in building digital forensics labs, and provided response and analysis for cyber incidents in different industries. Additionally, he has developed training courses on DFIR and delivered these courses to different entities around the globe. Ayman has a BSc in communication engineering and an MSc in cyber security, and he obtained various DFIR certificates. In 2016 he published his book “Practical Windows Forensics”.

Overview & Objectives

  • Acquire the fundamental expertise essential for digital forensics.
  • Comprehend the methods of obtaining diverse digital evidence and managing it within a forensically sound setting.
  • Demonstrate proficiency in utilizing the tools and resources of digital forensics.
  • Analyze browser and email histories effectively.
  • Be able to find traces of malicious actions related to incidents in MS Windows artifacts.
  • Learn how to use timestamps from various Windows artifacts to restore an incident scenario.

Syllabus

Who it's for

InfoSec professionals

For incident response and digital forensics teams, working in a dynamic environment and willing to continuously enhance their practical skills in digital forensics.

Cybersecurity consultancies

The course is designed for specialist consultancies that aim to equip their teams with relevant practical skills, enabling them to offer forensics investigation services to their clients.

Enterprises

For cybersecurity professionals who would like to upgrade technical analysis skills in the digital forensics domain.

How you’ll learn

Guided video lectures

Learn from incident response expert Ayman the Global Emergency Response Team, GERT, who has years of experience working in real-world investigations.

Practical virtual laboratory

Practice in our fully configured virtual laboratory on real-world incidents.

Interactive learning

The course is based on progressive learning with a consistent modular structure based on expert reviews of each task, practical work in a virtual laboratory and detailed step-by-step solutions.

Benefits

Access

6 months to complete your course

Language

Course delivered in English

Pace

Pace Self guided learning that fits around your life

Access to Virtual lab

100 hours in browser based Virtual lab with hands on training

Learning environment

Browser based via desktop, mobile or tablet

Guided videos

50+ videos to guide you through the course

Certification of completion

PDF document on a Kaspersky letterhead certifying the completion of the course, signed by the course leader(s)

Course author

Member of Kaspersky Global Emergency Response Team (GERT)

Be the first to find out...

Each and every month we share our latest news, tips, tricks and advice on all things cybersecurity related.
Be the first to find out when we run competitions, promotions, launch new courses, release free webinars and much more!

Sign up