Focal Point - Windows System Analysis Course Details:

Many organizations rely on technology to perform anomaly detection and investigation. But when it comes to identifying and investigating abnormal behavior on a system, there is no substitute for a well-trained analyst. Focal Point - Windows System Analysis teaches students how to identify abnormal activity and investigate a running system that may have been compromised. In this course, students will learn the most useful commands, tools, and techniques that can be employed during an investigation to reveal significant indicators of infiltration and how to create a system baseline for future analysis. This course is primarily focused on the Windows 10 operating system, but includes many tools and techniques that also apply to Windows 7 and more recent versions of the Windows Server.

Practical Scenario:
The practical assessment for this course is an investigation scenario that will require students to use all of the knowledge, skills and abilities acquired during class to remotely analyze a network of systems, identify compromised machines, and remediate as appropriate.

    No classes are currenty scheduled for this course.

    Call (919) 283-1674 to get a class scheduled online or in your area!

*Please Note: Course Outline is subject to change without notice. Exact course outline will be provided at time of registration.

In this class you will learn:

  • Identify the core components of the Windows operating system and ascertain their current state using built-in or other trusted tools
  • Analyze a running system and detect abnormal behavior relating to processes, DLLs, network connections, the registry and Windows services
  • Use event log analysis to verify and correlate the artifacts of anomalous behavior, and determine the scope of an intrusion
  • Use PowerShell to interact with the operating system and build scripts to automate repetitive analytic tasks
  • Create and use a system baseline to identify unexpected items such as rogue accounts or configuration changes
  • Conduct remote investigations of potentially compromised Windows workstations and servers

Course Outline:

  1. OS Overview
  2. Processes
  3. Dynamic Linked Libraries (DLLs)
  4. Network Connections
  5. The Registry
  6. Services
  7. Logs and Timelines
  8. PowerShell Basics
  9. Querying the Operating System
  10. Scripting with PowerShell
  11. Baselining with PowerShell
  12. Remote Administration


  1. OS Familiarization
  2. Process Explorer Familiarization
  3. Process Scenario
  4. Inspecting DLLs
  5. Memory Mapping
  6. Process Injection
  7. TCPView and Netstat
  8. Registry Familiarization
  9. Registry Analysis
  10. Analyzing Services
  • This is an introductory course ideal for those seeking a career in malware analysis, incident response, or digital forensics.
  • Students should be familiar with the general use of Windows systems, including the command line interface, and have at least a basic understanding of TCP/IP networking
  • Novice Malware Analysis
  • Incident Response Team Members
  • Network Security Professionals
  • Forensic Analysis

Ready to Jumpstart Your IT Career?