CSE 4437

Course Code: CSE 4437
Course Name: Digital Forensics and Incident Response
Prerequisite:
Credit Hours: 3.00
Detailed Syllabus:

Overview of the Principles of Forensics and IR, Data Collection Techniques, Forensic Hardware, Chain of Custody, Basic Incident Response Process, Pre-Incident Preparation, Documentation Requirements, Common Approaches, Containment and Remediation Strategies, Malware Footprints, Data Volatility, Installed Software and Hotfixes, Persistence Mechanisms, Windows Audit Policies, Malware Analysis, Prefetch Analysis, The Windows Registry, Windows Event Log Analysis, File Carving, Email Header Analysis, Determining File Headers, Extraction of Attachments, Extracting Specific File Types, Deleted Files and Recovery, Use of Hash Sets, Adding Hash Sets, Advantages of Timeline, Timeline Creation, Sources of Network Data, PCAP Analysis with Wireshark, Network Footprint, Basics of Memory Acquisition and Analysis, Highlight Power of Memory, Live Response Best Practices and Order of Volatility, Following the Process Tree, and Unix/Linux File Permissions.