Investigations involving Windows-based operating systems occur every day. As a result, it is essential for an investigator to know how to properly examine the critical files and structures of the Windows operating system. This two-day course will provide an in-depth study and examination of the forensic evidence left on the VISTA, Windows XP, and Windows server based operating systems. This hands-on forensic course will arm you with methods and techniques to investigate critical areas of the Windows operating system for any case. Beginning with the registry, the new investigator will learn how to discover critical user and system information from the Windows Registry that is pertinent to any investigation. Second, the investigator will learn how to find and examine logs from a Windows machine in order to find relevant data to any case. In the final part of the day, the investigator will learn how to examine and search email for key evidence. Throughout the day, the investigator will utilize their skills in real hands-on cases exploring evidence and artifacts discussed throughout the day. Topics: Registry Forensics Registry Basics Core System Information User Forensic Data User searches Typed URLS Recently Modified Documents Event Log Forensics Event Logging Basics Locations Viewers Event Types Email Forensics How Email Works Locations Examination Types of Email Formats Email Analysis Email Searching and Examination