This course is a scenario-based training in how to conduct a full investigation of a network intrusion in a Windows environment. Students conduct several forensic examinations, analyze log data and network traffic, prepare an executive summary, create an event timeline, and perform malware analysis. Students will learn to determine how an intrusion took place, what material may have been compromised, and what other systems are potentially at risk.