The GCFE (GIAC Certified Forensic Examiner) course teaches you how to conduct digital forensic investigations on Windows systems. You will learn how to acquire and analyze evidence from various sources, such as hard drives, memory, registry, event logs, browser history, and email. You will also learn how to use various tools and techniques, such as FTK Imager, Autopsy, Timeline Explorer, Log2Timeline, Shellbags Explorer, and Prefetch Parser, to recover deleted files, identify malware artifacts, and reconstruct user activity. The course prepares you for the GCFE certification exam that validates your skills in Windows forensic analysis.
Your course package is designed to provide maximum learning and convenience. This is included in the price of your course:
Your expert instructor will get you ready for the following exam and certification, which are not included in your course package.
The prerequisites for the GCFE are:
- Basic understanding of Windows operating system and file systems
- Basic familiarity with command line tools and GUI tools
- Basic knowledge of networking concepts and protocols
- Basic knowledge of malware analysis and reverse engineering
Using our engaging learning methodology including a variety of tools, we’ll cover the entire curriculum.
Introduction to Digital Forensics and Windows File Systems
- Overview of digital forensic process and methodology
- Overview of Windows operating system and file systems (NTFS, FAT, exFAT)
- Disk and file system concepts (sectors, clusters, MFT, slack space, etc.)
- Disk and file system acquisition methods and tools (FTK Imager, dd, etc.)
- Disk and file system analysis methods and tools (Autopsy, fsstat, fls, etc.)
Windows Artifact Analysis
- Overview of Windows artifacts and their forensic value
- Registry analysis methods and tools (RegRipper, Registry Explorer, etc.)
- Event log analysis methods and tools (Log Parser Lizard, Event Log Explorer, etc.)
- Browser history analysis methods and tools (Web Historian, Hindsight, etc.)
- Email analysis methods and tools (PST Viewer Pro, MBOX Viewer Pro, etc.)
File Recovery and Timeline Analysis
- Overview of file recovery techniques and challenges
- Deleted file recovery methods and tools (Recuva, PhotoRec, etc.)
- File carving methods and tools (Foremost, Scalpel, etc.)
- Timeline analysis concepts (MACB times, log2timeline format)
- Timeline analysis methods and tools (Timeline Explorer, Log2Timeline/Plaso)
- Overview of memory forensics concepts and challenges
- Memory acquisition methods and tools (DumpIt,WinPMEM)
- Memory analysis methods and tools (Volatility,Rekall)
- Memory artifact analysis (processes, DLLs, handles, sockets, etc.)
- Overview of malware forensics concepts and challenges
- Malware identification methods and tools (VirusTotal, YARA) Malware static analysis methods and tools (PEview, strings,IDA Pro)
- Malware dynamic analysis methods and tools (Process Monitor, Process Explorer, Wireshark)
- Malware artifact recovery methods and tools (prefetch files, autoruns entries, registry keys)
The Virtual Classroom is an online room, where you will join your instructor and fellow classmates in real time. Everything happens live and you can interact freely, discuss, ask questions, and watch your instructor present on a whiteboard, discuss the courseware and slides, work with labs, and review.
Yes, you can sit exams from all the major Vendors like Microsoft, Cisco etc from the comfort of your home or office.
With Readynez you do any course form the comfort of your home or office. Readynez provides support and best practices for your at-home classroom and you can enjoy learning with minimal impact on your day-to-day life. Plus you'll save the cost and the environmental burden of travelling.
Well, learning is limitless, when you are motivated, but you need the right path to achieve what you want. Readynez consultants have many years of experience customizing learner paths and we can design one for you too. We are always available with help and guidance, and you can reach us on the chat or write us at email@example.com.