Survey of Malware Types

Most recent malware is used for financial or political gain, and although it is often referred to as "viruses," its attack and propagation methods are very different from those of true viruses. This course is an overview of the types of malware, how malware is categorized, and how each type of malware attacks a Windows system. This knowledge allows the forensic investigator to identify malware used in criminal attacks.


Windows Internals for Forensics

All modern malware works within the operating system, not only by exploiting weaknesses but also by using features that are there for everyday use. It is therefore impossible to understand how malware works without a deep understanding of the operating system it targets. This seminar provides detailed information on how Windows works internally, with special focus on common malware attack methods. It includes coverage of Windows’ most recent security features, most of them specifically added to combat malware.  


Windows Cryptography

Encryption is being used more and more in legitimate business, as well as within criminal enterprises. Learn about the types of encryption available in Windows, the weaknesses, and what it takes to either decrypt files that have been encrypted or to defeat the encryption by other means. Includes the detection of hidden volumes as implemented by, for example, TrueCrypt. 


Virtual Machines

Virtual machines are useful for many purposes in computing, but they can also be used to hide evidence of user activity on a computer system. Cybercriminals are using virtual machines because it is apparently easy to remove all trace of their activities just by deleting a single file. This seminar describes virtual machines, their methods of operation, how they are used to hide user activity, and how to detect their use. It also describes how to use virtual machines for malware analysis and other aspects of cyber forensics. 


Windows Storage Architecture Overview

Understanding how files are stored (and may be hidden) on a disk or other storage media (solid-state disk, USB "key", SD card, etc.) is essential to performing a thorough forensic investigation. Learn the essentials of the on-disk formats of NTFS, EFS, FAT 12/16/32, exFAT, CDFS, and UDFS. This seminar also covers details of partitioning methods (MBR vs. GPT), the various types of Windows "volumes," basic vs. dynamic disks, and the new Storage Spaces.
