Save $200 on this intake
Limited seats available at this price
3-Day Instructor-Led Programme
Learn Windows host forensics fundamentals: artefacts, timelines, and a practical triage workflow for real investigations.
Duration
3 Days
Price
$2,699
(was $1,999)
Pricing applies to the current cohort only. Book now to secure this rate.
Windows Forensics is designed for learners who need a practical, defensible approach to investigating activity on Windows endpoints. You will learn what artefacts matter, where they live, what questions they answer, and how to avoid common interpretation mistakes during investigations.
Delivered through mentor-led sessions, the programme uses practical scenarios that mirror real incident response and forensic triage work. You will practise extracting meaning from host artefacts, correlating findings into timelines, and documenting evidence so your conclusions are repeatable and audit-friendly.
Across three intensive days, you will build a structured workflow for triage and deeper investigation, aligned with recognised best practices including ISO, GDPR, NIST and SOC 2, ensuring skills remain practical and deployable in real organisations. Reference artefact categories and “evidence of” questions will be guided using established DFIR mapping practices. All prices are exclusive of VAT (where applicable). Group enrolments and custom packages available.
Hands-On Learning (single line): Artefact-driven labs and scenario simulations that result in timelines, evidence packs, and investigation notes.
Mentor-led walkthroughs, artefact interpretation clinics, and feedback on investigation reasoning and documentation.
A repeatable Windows triage and timeline workflow suitable for SOC L2 and IR handovers.
Design a repeatable Windows forensic triage workflow.
Analyse host artefacts to answer investigation questions.
Implement defensible timeline building and correlation.
Lead evidence handling with clear documentation standards.
Communicate findings to technical and non-technical stakeholders.
Evaluate investigative confidence, gaps, and limitations.
Basic Windows operating system familiarity
Understanding of core security concepts
Comfortable writing structured notes
Step-by-step learning journey from basics to professional practice
Master these in-demand skills through hands-on practice
A clear view of the roles this programme supports, what typically comes next, and where learners progress over time
Choose the learning format that works best for you and your team
Instructor-Led Training
Join live instructor-led sessions from anywhere. Interactive, engaging, and flexible.
Price per person
Group enrolments and early planning options available.
Custom quotes for teams and organisations
We come to you. Training delivered at your workplace for teams of 6 or more.
Custom pricing based on:
No obligation. Response within 1 business day.
Classroom training at a professional venue. Ideal for focused, immersive learning.
Custom pricing based on:
No obligation. Response within 1 business day.
Combine online and in-person learning for maximum flexibility and impact.
Timeline tailored to learner availability
Custom pricing based on:
No obligation. Response within 1 business day.
All prices are exclusive of VAT where applicable. Group enrolments and custom packages available on request.
Not everyone learns best in a group. If you want focused guidance, faster clarity, and confidence you can use on the job, our 1-to-1 Fast-Track Training gives you private, mentor-led support tailored to your experience and goals.
"Many learners choose 1-to-1 when they want understanding, not memorisation."
Credential
On successful completion of Windows Forensics (Host Artefacts, Timelines, Triage Approach), learners receive an Xcademia Certificate of Completion. This standalone certificate is issued directly by Xcademia and is aligned with globally recognised frameworks and best practices.
Everything you need to know about the certification exams
You will receive an Xcademia certificate of completion based on participation and successful completion of practical scenarios, timeline deliverables, and the final case pack submission.
Everything you need to know about this course
No. This programme is focused on defensive investigation skills: triage, artefact interpretation, timelines, and evidence handling using practical scenarios.
Take the next step in your professional development