Surviving Digital Forensics: Windows Shellbags

Computer forensic evidence to help prove file use & knowledge

Rating: 4.70 (185 reviews)
Platform: Udemy
Language: English
Category: Network & Security
Instructor:
Students: 1,007
Content: 1 hour
Last update: Feb 2015
Regular price: $49.99

What you will learn

Extract and analyze Windows shellbag records to help prove file use and knowledge

Use freely available forensic tools to conduct shellbag analysis

Construct validation exercises to test how shellbags behave depending on media type

Construct validation exercises to test how shellbags behave according to different types of user activity

Confidently explain what Windows shellbag evidence is to non-technical audiences

Description

  Welcome to the Surviving Digital Forensics series. This series is focused on helping you become a better computer forensic examiner by teaching core computer forensic skills - all in about one hour. In this class, we examine how to use Windows Shellbag records to help prove file use and knowledge. Shellbag records are created by certain user activity and can be used to show where a user has navigated to on a computer system and when they did so. Very powerful evidence!

  As with previous SDF classes, you will learn by doing. The class begins with a brief overview of the issue at hand. Then we set up our forensic systems and off we go. Learning is hands-on, and we will use low-cost and no-cost computer forensic tools to do so.

  Expert and novice computer forensic examiners alike will gain from this class. Since we are doing it the SDF way, we are going to teach you real computer forensic skills that you can apply using our method or customize to meet your needs. You will learn how you can use freely available forensic tools, all GUI-based, to extract and analyze Windows Shellbag evidence.

  Class Outline 

  1. Introduction and Welcome to the SDF series 

  2. Getting the most out of the class 

  3. Windows Shellbags - an overview 

  5. Shellbag Deep Dive 

  6. Setting up your forensic system 

  7. Validation practical 01 - local system activity 

  8. Validation practical 02 - attached USBs 

  9. Validation practical 03 - networked drives 

  10. Student Practical 

  11. Student Quiz 

  12. Reporting options 

  13. Review 

  14. Conclusion & thank you 

  A PC running Win7 or Win8 is required for this course. You need admin rights to the system.  The system itself should be a test system containing no critical data.  The forensic tools we use are all freely available, so beyond your operating system all you need is the desire to become a better computer forensic examiner. 

Content

Introduction

Welcome to the SDF Series!
Getting the most out of this class

Understanding Windows Shellbags

Windows Shellbags - An Overview
Shellbag Deep Dive
Shellbag Quiz

Getting Setup for the Practicals

Setting up Forensic System
Loading your local drive in FTK Imager

Shellbag Validation Practicals 01 - Local System Activity

Validation on Local System: Practical 01-A
Validation on Local System: Practical 01-A Results
Validation on Local System: Practical 01-B
Why No MAC Times?
Shellbag Quiz

Shellbag Validation Practicals 02 - Attached USBs

Attached USBs - Practical 02 - A
Attached USBs - Practical 02 - B
Attached USBs - Practical 02 - C
Attached USBs - Practical 02 - D

Shellbags Validation Practical 03 - Networked Drives

Networked Drives - Practical 03

Shellbag Student Practical

Shellbag Student Practical
Shellbag Quiz

Conclusion

Reporting Options
Review
Conclusion & Thank You!

Reviews

Miro
September 5, 2023
Wish this was updated for Windows 10 and 11. Although I could follow along and grasp the info communicated in the Attached USB's section, I wasn't able to bring this up on my ShellBags Explorer and play around with it myself. Wish there were some tips provided as to why USB drives may not appear on the exported .dat files.
Nicole
December 17, 2021
I think the instructor is very good at explaining the information. Wish there were follow-up courses or a more in-depth course.
Emory
August 15, 2021
I loved the process and you do a great job. The issues with the EXE for processing the shellbag file does not work on Win 10 Pro. The .dat file would not open in any other shellbag explorer. It would only show error. I will not deduct rating as crap happens in the computer world that is out of our control. Thank you
Johann
October 11, 2020
Very interesting and very well explained with a good balance between theoretical and practical parts.
Lock
May 18, 2020
The training should be updated to include Windows 10. The website 4n6k is no longer available to download the software. A newer version of the software is available on GitHub. The trainer is good at explaining the ShellBag, except that it is very confusing for Last Write Time, Created On, Last Access and Modified Time. Did not give a good summary of all these date times and their differences. I guess I need more hands-on and testing before I can understand why all these dates and times are showing differently.
Ck
April 30, 2020
Too much zooming in and out on the screen. The course is also very draggy and too many breaks in-between ….
Brian
December 1, 2018
The course was well organized and put together. The practical walk throughs and exercises set this course apart.
Leon
September 24, 2018
Enjoyed his explanation and how he presented his course. Very knowledgeable and enjoyed the practical test at the end.... This is my second course and loved it … Cheers
Bruce
May 25, 2017
A simple explanation of shellbags and usable. I would like to see included a more detailed explanation of the hex values being interpreted.
Eugene
July 2, 2015
This "Surviving Digital Forensics" was great, as were all the others I have taken. It was clear, concise and practical. I will definitely take any other of Mr Leclair's courses. Well done!
Larry
April 28, 2015
This course came at the perfect time as I was doing an exam that involved shellbags. The instructor did a great job and was clear and concise. I love the idea of these pre-recorded classes; that way I can take a break when I need to. Great info and very affordable. Thanks Sumuri
Beau
March 11, 2015
The lessons are succinct and informative. I appreciate his approach of showing you what you need to know in order to teach yourself. A lot of videos I've seen on advanced topics take time to show you how to browse to a web page, download a tool, and install it. That drives me insane. If I'm learning the advanced topic then I already know how to use a computer! I enjoyed these tutorials.

Udemy ID: 417430
Course created date: 2/9/2015
Course indexed date: 2/16/2021
Course submitted by: mohamedxxx