Users on Windows machines are still the most likely entry point for a cyber attack, and the widespread use of Windows makes Windows forensics skills essential for all investigators and first responders.
Christian Prickaerts, expert forensic investigator and SANS instructor, said that in many cases the user is completely unaware of the attack, which through social engineering or malware starts a chain reaction that can ultimately lead to an incident. In the case of APT-style attacks, that incident may well remain undetected within an environment for many months.
Although newer Microsoft operating systems have made great strides in helping to secure common weaknesses, Prickaerts points to the huge number of systems, including Windows XP, that are still used but are effectively out of support when it comes to security updates and patches.
“Strong Windows forensic skills are also important for validating security tools, enhancing vulnerability assessments, identifying insider threats, tracking hackers, and improving security policies,” says Prickaerts.