Are you the person who responds to allegations of user abuse of computer resources, allegations of misuses of sensitive company information, or accusations of allowing a hostile work environment? If so, this workshop is for you. Application and operating system artifacts contain a wealth of information about what users did on their system. All you need to follow this history of activity is the proper tools and the training provided in this course.

This program focuses on the operating system artifacts such as system logs, software logs, task schedule logs and other repositories of user activity. In addition to these log files, many other operating components will be examined. Application data provide a rich source of information on user activity. These include Internet cache/history and favorite records. Using the tools provided in this hands-on workshop, we will examine numerous valuable resources tying the user to his/her actions.

Who Should Attend:  Persons who will respond to actual or suspected cyber incidents involving sensitive data.

By the end of the day, participants will be able to:

• Preserve evidence
• Acquire a forensic image
• Address the reasonable expectation of privacy
• Examine application and operating system artifacts such as: Thumbs.db, Registry , User Assist, USB Devices, Link Files, Pre-Fetch files, Event Logs, History, Index.dat, Cookies, PST, NK2, and BX.
   

Prerequisites: An understanding of Windows based operating systems, command level instructions and hard disk hierarchal structures.