The course objective is for students to conduct a forensic examination of an image of the Windows operating system in a forensically sound (repeatable, documented, and non-destructive) manner; choose the basic functions, configurations, outputs, tools, and settings that need to be adjusted when conducting a forensic examination of a Windows operating system; examine a forensic image from a Windows computer using basic forensic processes and automated tools; use tools and a repeatable, documented process to gain access to protected files; and produce documentation that completely and accurately summarizes all forensic actions taken on the machine.