MCSI Certified DFIR Specialist
https://www.mosse-institute.com/certifications/mdfir-certified-dfir-specialist.html

MCSI Windows Forensics Library
https://library.mosse-institute.com/cyber-domains/digital-forensics.html#windows-forensics

MCSI Digital Forensics Library
https://library.mosse-institute.com/cyber-domains/digital-forensics.html


Windows forensics is the process of using investigative techniques to collect, analyze and report on data found on a Windows computer system. The goal of Windows forensics is to answer questions about a digital event or incident, such as: Who did what, when, and how? To perform a Windows forensics investigation, a forensic investigator must first have a sound understanding of the Windows operating system and how it works. They must also be familiar with the various tools and technologies that can be used to collect and analyze data from a Windows system. The first step in a Windows forensics investigation is to identify the scope of the investigation. This means determining what data needs to be collected and analyzed, and what questions need to be answered.