
AZIUS Training


Public seminars for May 2017! (Redmond area, Washington)

Featuring Windows Internals and Performance Toolkit Workshop and Windows Driver Frameworks, both May 8-12. Early registration discounts are available!


Windows Cyber-Forensics seminars

Azius offers seminars in six major areas of Windows technology: Windows operating system internals, troubleshooting and debugging, device drivers, Windows security, Windows source code, and Windows Cyber-forensics.

This page lists seminars designed specifically for cyber-forensics investigators.  

 

 

Windows Forensics

These seminars bring our extensive knowledge of Windows internals and security to the cyber-forensics field. 

ID Title Level Summary
Data Storage and Recovery Methods Basic
2 days with labs

This seminar covers how data is physically stored in a computer system, and provides detailed information on RAM, ROM, Flash, CD, DVD, Hybrid Hard Disks, and Blu-Ray.  Learn about the recovery potential from a variety of storage devices.

Survey of Malware Types Basic
1 day lecture only

Most recent malware is used for financial or political gain, and although often referred to as "viruses," the attack and propagation methods are very different from true viruses. This course is an overview of the types of malware, how malware is categorized, and how each type of malware attacks a Windows system. This allows the forensic investigator to identify malware used in criminal attacks.

Malware Internals Intermediate
2 days with labs

How does malware work? How do you trace where malware came from? In order to defeat your enemy, you must understand your enemy. This course covers the various types of malware and how they typically operate in a Windows system.

Windows Internals for Forensics Intermediate
5 days with labs

All modern malware works within the operating system, not only by exploiting weaknesses but also by using features that are there for everyday use. It is therefore impossible to understand how malware works without a deep understanding of the operating system it targets. This seminar provides detailed information on how Windows works internally, with special focus on common malware attack methods. It includes coverage of Windows’ most recent security features, most of them specifically added to combat malware.  

Windows Cryptography Intermediate
2 days with labs

Encryption is being used more and more in legitimate business, as well as within criminal enterprises. Learn about the types of encryption available in Windows, the weaknesses, and what it takes to either decrypt files that have been encrypted or to defeat the encryption by other means. Includes the detection of hidden volumes as implemented by, for example, TrueCrypt. 

BitLocker Operation and Internals Intermediate
1 day with labs

BitLocker is being used more and more to protect the contents of disks from loss and theft. Unfortunately, it is also being used by cybercriminals to hide their activities from law enforcement. This course describes the internal operation of BitLocker, and how law enforcement can defeat it in some cases.

Virtual Machines Intermediate
1 day with labs

Virtual machines are useful for many purposes in computing, but they can also be used to hide evidence of user activity on a computer system. Cybercriminals are using virtual machines because it is apparently easy to remove all trace of their activities just by deleting a single file. This seminar describes virtual machines, their methods of operation, how they are used to hide user activity, and how to detect their use. It also describes how to use virtual machines for malware analysis and other aspects of cyber forensics. 

Windows Storage Architecture Overview Intermediate
1 day with labs

Understanding how files are stored (and may be hidden) on a disk or other storage media (solid-state disk, USB "key", SD card, etc.) is essential to performing a thorough forensic investigation. Learn the essentials of the on-disk formats of NTFS, EFS, FAT 12/16/32, exFAT, CDFS, and UDFS. This seminar also covers details of partitioning methods (MBR vs. GPT), the various types of Windows "volumes," basic vs. dynamic disks, and the new Storage Spaces.

Windows Log Files and Other History Intermediate
1 day with labs

Windows maintains a significant amount of data on its past activity as part of its normal operation. This is used for self-diagnosis, performance monitoring, and error reporting, as well as for common functions such as user login/logout tracking and file access auditing. Using this information, a forensic investigator can create a detailed timeline of a user’s activities, going back months or in some cases years. Learn what information Windows maintains and where to find it.

Internet Design and Protocols Intermediate
5 days with labs

How is data transmitted from one machine to another over the Internet? What network protocols are used by the Internet? How do you capture network traffic? What information is recorded by a user’s Internet Service Provider? How do you trace the origin of a Distributed Denial of Service attack? This course will answer these questions and more, and provide the forensic investigator with the knowledge necessary to gather information about a suspect’s use of the Internet. The student will learn how to capture network traces and trace the route through the Internet that packets followed.

NTFS File System Intermediate
2 days with labs

This seminar presents the complete details of the NTFS file system on-disk structure. You will learn how files are stored in NTFS, how directory indexes work, and how to recover deleted files and partitions.

FAT12/16/32 and exFAT File Systems Intermediate
1 day with labs

This seminar presents the complete details of the FAT file systems. Learn how files are stored, and how to recover some deleted files.



