Windows Forensic Analysis Training

This page holds information regarding the ASI digital forensics course offerings.

The ASI Training Page can be found here.  The calendar of current offerings can also be found on this page. Check back frequently for changes and updates.

This WindowsIR blog post thoroughly describes the current course offerings.

FAQ
Do you only hold courses at your Reston location?
No, we don't.  We are willing to work with a sponsoring organization to hold courses in other locations.

There are a lot of training courses available; what makes yours so special?

Who better to design and teach the courses than the person who wrote the book on the subject?  Who better to show you how to the get the most out of RegRipper than the person who designed and wrote the tool?

Also, the courses are continually updated.  I take a look at the questions asked during each course and the feedback, and look at incorporating what works right away.  I also look to add new information based on what I find during my exams.  This means that if you attend these courses, you're going to have access to information, artifacts, and tools that are not available any place else.

Finally, when you attend these courses at our Reston location, you receive a copy of the appropriate book, as part of the course registration fee.

Can I sign up for all of your current courses, for 5 days of training?
No.  The courses were designed so that Windows Forensic Analysis would be taken before Timeline Analysis, with some time in between.  Both courses cover a great deal of information in two days, and it is best if you take one course, and then go back and use what you've learned.  While both courses cover a lot of the same artifacts, they do so from different perspectives, and taking both courses back-to-back can be overwhelming.  Registry Analysis can be taken in combination with either course.

Is there anything special I need to know before attending the courses?
It is very helpful if you have some familiarity with digital analysis of Windows systems, and that you are comfortable navigating the system and running commands from the command prompt.

What other courses do you teach, or plan to teach?
We are currently working on a malware detection course (not analysis), intended for analysts who are tasked with determining if systems were infected.  And we're always interested to hear what other courses may be of interest to the community.

Do you teach a Windows memory analysis course?
No, we don't.  The Volatility folks offer the course you want to take with respect to Windows memory analysis.

If you have any other questions, please feel free to contact me, or send us an email at ASI.