Coursera

Windows OS Forensics (Coursera)

Offered by Infosec,

The Windows OS Forensics course covers windows file systems, Fat32, ExFat, and NTFS. You will learn how these systems store data, what happens when a file gets written to disc, what happens when a file gets deleted from disc, and how to recover deleted files. You will also learn how to correctly interpret the information in the file system data structures, giving the student a better understanding of how these file systems work. This knowledge will enable you to validate the information from multiple forensic tools properly.

Class Deals by MOOC List - Click here and see Coursera's Active Discounts, Deals, and Promo Codes.

What You Will Learn

The student will learn about the windows file systems, Fat32, ExFat, and NTFS.
Students will learn how these systems store data, what happens when a file gets written to disc, & what happens when a file gets deleted from disc.
Students will learn how to recover deleted files.

Course 2 of 3 in the Computer Forensics Specialization.

Syllabus

WEEK 1
Bits, Bytes and Endienness
This module explains the various numbering schemas used throughout computer forensics. In this module, you'll explore the numbering schemas used in computer forensics. This knowledge allows the student to interpret data at the hex and binary levels. This skill is necessary to validate forensic software tools and gives the student an understanding of where to locate the data displayed by their forensic software. This information is notably beneficial for court proceedings.

WEEK 2
Disk Partition Schema
A look at the master boot record and the GUID partition table. This module demonstrates the difference between the master boot record and the GUID partition table. This information gives the student an understanding of where to locate both partitions and data on the drive. The forensic student learns how to interpret the master boot record and locate the volume boot record for each volume on the drive.

WEEK 3
The FAT File System
This module explores the structure of the FAT file system. This module covers the structure and layout of the FAT file system. The student develops an understanding of how the FAT file system writes a file to a drive and deletes a file from a drive. With this knowledge, the examiner can recover deleted data or recover data from a reformatted drive.

WEEK 4
The NTFS File System
In this module, you'll explore the details of the NTSF file system. NTSF is a crucial component of forensic examinations. This module explains how the file system organizes information and where data is located on the drive. It also covers where the metadata for the file is stored and the changes that occur at a file system level when someone deletes or creates a file.

WEEK 5
The ex-fat File System
Take a closer look at the details of the ex-FAT file system. In this module, the student learns the structure and layout of the ex-FAT file system, how the file system tracks files, where it stores the file metadata and how to recover deleted data.

WEEK 6
Windows Registry Forensics
Explore the complexities and challenges of Windows Registry forensics. This module covers the history and function of the Registry. It includes how to examine the live Registry, the location of the Registry files on the forensic image and how to extract files. After examining the files with forensic tools, the student can locate relevant artifacts such as USB device connection times, recently used documents, program last run times and programs set to run at startup.

Go to Class

MOOC List is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

Related Courses

Coursera

University of Colorado Boulder

Project Planning and Machine Learning (Coursera)

CS: Design & Product

This course can also be taken for academic credit as ECEA 5386, part of CU Boulder’s Master of Science in Electrical Engineering degree. This is part 2 of the specialization. In this course students will learn : * How to staff, plan and execute a project; * How to build a bill of materials for a product; * How to calibrate sensors and validate sensor measurements; * How hard drives and solid state drives operate; * How basic file systems operate, and types of file systems used to store big data; * How machine learning algorithms work - a basic introduction; * Why we want to study big data and how to prepare data for machine learning algorithms.

Jun 1st 2026

4 Weeks

Machine Learning Sensors Project Planning

Other Providers

University of Alicante

Introducción a XML (UniMOOC)

CS: Software Engineering

XML es el metalenguaje en el que están basados multiples lenguajes como KML, RSS, SVG, XHTML, etc.

Self Paced

Self-Paced

XML DOM Schema

Coursera

Google

Sistemas Operacionais e Você: Tornando-se um Usuário Avançado (Coursera)

Security & Networking

Neste curso – com uma combinação de palestras em vídeo, demonstrações e atividades práticas – você conhecerá os principais componentes de um sistema operacional e verá como executar tarefas críticas, como gerenciamento de software e usuários, e configuração de hardware. Vamos terminar com um exemplo de como esse conteúdo pode acabar surgindo em uma entrevista.

Jun 8th 2026

5-12 Weeks

Operating Systems Linux File Systems

FutureLearn

University of Dundee

Identifying the Dead: Forensic Science and Human Identification (FutureLearn)

Sci: Biology & Life Sciences Medicine & Pharmacology

Uncover a grave, examine remains and reveal the victim’s identity in this free online course, linked to a new Val McDermid story.

No sessions available

5-12 Weeks

Death Forensic Science Forensics

FutureLearn

Durham University

Forensic Archaeology and Anthropology (FutureLearn)

History

Enter the fascinating world of forensics, and learn how the deceased are located, recovered and analysed using DNA and pathology. Learn the science behind the exhumation and identification of skeletal remains. The location, exhumation and identification of the dead requires highly specialised expertise. On this course, you’ll learn the latest scientific techniques for body location, recovery and analysis.

Oct 4th 2021

5-12 Weeks

DNA Archaeology Forensics

OpenSecurityTraining

Intermediate Intel x86: Architecture, Assembly, Applications, & Alliteration (OST)

CS: Software Engineering

This class provides a distilled understanding of some OS mechanisms such as memory management, segmentation, paging, interrupts, and port IO. This knowledge is directly relevant for the future Rootkits and Advanced x86: Virtualization with Intel VT-x classes.

Self Paced

Self-Paced

Programming Security Computing

Saylor Academy

Saylor.org

Operating Systems (saylor.org)

Security & Networking

This course will introduce you to modern operating systems. We will focus on UNIX-based operating systems, though we will also learn about alternative operating systems, including Windows.

Self Paced

Self-Paced

Operating Systems Unix Windows

Forensic Engineering: Learning from Failures (edX)

EdX

Delft University of Technology,DelftX

Forensic Engineering: Learning from Failures (edX)

Engineering Health & Society

Don’t let good failures go to waste! Identify the causes of failure and use this knowledge to enhance safety and improve performance. What do collapsed buildings, infected hospital patients, and crashed airplanes have in common? If you know the causes of these events and conditions, they can all be prevented. In this course, you will learn how to use the TU Delft mind-set to investigate the causes of such events so you can prevent them in the future.

Self Paced

Self-Paced

Engineering Safety Forensic Science

EdX

Rochester Institute of Technology,RITx

Computer Forensics (edX)

CS: Software Engineering

Learn the process, techniques and tools for performing a digital forensics investigation to obtain data related to computer crimes. Digital forensics involves the investigation of computer-related crimes with the goal of obtaining evidence to be presented in a court of law.

Jan 8th 2024

5-12 Weeks

Unix Linux Forensics

OpenCourseWorld

Microsoft Deutschland GmbH

How to Create a Windows 8 App (OpenCourseWorld)

CS: Software Engineering CS: Information & Technology

In diesem Kurs werden Sie Schritt für Schritt in die Entwicklung von Windows Store Apps eingewiesen.

Self Paced

Self-Paced

Windows Technology Microsoft

Coursera

Google Cloud

Deploying and Managing Windows Workloads on Google Cloud (Coursera)

CS: Information & Technology

This course teaches you about deploying and managing Microsoft Windows® workloads on Google Cloud. This course uses lectures and hands-on labs to show you how to plan and configure Microsoft Windows Server and Microsoft SQL Server in Google Cloud. You will configure identity solutions including Managed Service for Microsoft Active Directory, deploy Windows workloads to Compute Engine and Google Kubernetes Engine, and learn to manage and operate Windows workloads with Cloud Console, Cloud Logging, and Cloud Monitoring.

May 27th 2024

1 Week

Windows Google Cloud Coursera Plus

Coursera

IBM

Core 2: OS, Software, Security and Operational Procedures (Coursera)

CS: Information & Technology

Are you interested in becoming a proficient and sought-after IT professional? Are you currently or do you plan to pursue a career in an IT support, network technician, or other IT-related role? This IBM course, designed for individuals with IT Fundamentals knowledge, is part of a series of courses that will help you prepare for the CompTIA Core 2 Certification exam. You will gain a solid foundation in operating systems, IT support best practices and procedures, and the skills necessary to excel in an IT role.

May 25th 2026

5-12 Weeks

Security Operating Systems Linux