From the course: Incident Response: Evidence Collection in Windows
Unlock the full course today
Join today to access over 22,700 courses taught by industry experts or purchase this course individually.
Next steps
From the course: Incident Response: Evidence Collection in Windows
Next steps
- [Narrator] Congratulations on completing this course on evidence collection in Windows. Over the last few hours together we have covered a lot of material. First, we prepared for an incident response by properly formatting our hard drives for evidence collection, building our trusted toolkit, and validating that toolkit. Then we jumped into the lab environment where I demonstrated how to collect forensic evidence. We did this both on a live system using volatile and non-volatile evidence collection techniques with many of the tools from our trusted toolkit. Finally, we talked about detecting disk encryption with BitLocker and how to best document all of our notes and reports during our evidence collection efforts. So with all of that behind us, the question you're probably asking is what's next in the world of incident response and digital forensics? Well this course only covered the evidence collection portion of…
Practice while you learn with exercise files
Download the files the instructor uses to teach the course. Follow along and learn by watching, listening and practicing.