Windows Host Forensics - Workshop

Seminar Categories:


Cyber Workshop seminar

Daily seminar
Live Digital Sessions


Host forensics is the analysis of data extracted, most commonly, from disk drives (HDD / SSD) or system memory, and it aims to let investigators understand user and application behavior on a particular system. In contrast to network forensics, where evidence is usually collected from NICs as pcap files or from the logs of event analysis tools, host forensics requires an understanding of different areas such as Windows and Linux internals and core computer operations. Students will learn the fundamentals of conducting forensic analysis of a Windows host. This course will incorporate demonstrations and lab exercises to reinforce hands-on capabilities.

Who Should Attend

  • SOC operators
  • Incident responders
  • Computer investigators
  • IT/network administrators
  • IT security personnel
  • Junior cyber forensics analysts


  • Basic understanding of computer networking
  • Basic understanding of Linux

Course Contents

  • Forensic approach to host analysis
  • Core computer operations
  • Main data resources
  • Offline host analysis
  • Tsurugi investigation platform
  • File system analysis
  • Data repositories analysis
  • File and data extraction from a disk image
  • Deleted file recovery from a disk image
  • Memory analysis
  • File and data extraction from a memory dump