We are excited to announce that Introduction to Windows Forensics is now live on the TCM Security Academy. The course comes from Andrew Prince, who brings a deep background in blue team and defensive security to the Academy. Andrew is already well known to TCM students as the instructor behind SOC 101 and SOC 201. Windows forensics is a natural extension of that work, and students who have taken his courses know to expect thorough, practical instruction from start to finish.

Windows systems run enterprises, governments, and critical infrastructure around the world. When something goes wrong on those systems, organizations need examiners who can find out what happened, how it happened, and who was responsible. This course is built to give you that foundation.

Why We Built This Course

Windows is the most common operating system investigators encounter in the field, and forensic examiners need to know it well. After Practical Windows Forensics left the platform earlier this year, we wanted to make sure students still had a clear, practical path into Windows forensics. Introduction to Windows Forensics fills that gap and serves as the starting point for a broader Windows Forensics learning path we are building out at TCM Academy.

What You Will Learn

The course covers the core concepts and skills every forensic examiner needs to get started. Here is a breakdown of what is included:

• Course Introduction: What Windows forensics is and why it matters across cybersecurity operations, incident response, and corporate security programs
• The Investigative Mindset: How to approach cases with a hypothesis-driven mindset and a consistent, repeatable methodology
• The Digital Forensic Process: The end-to-end process that guides every investigation from first contact to final conclusions
• Foundational Principles: Forensic integrity, source validation, evidence handling, and chain of custody
• Understanding How Data Is Stored: How Windows systems store data and why that matters for evidence recovery
• Sources of Digital Evidence: The artifact categories examiners rely on, including file structures, registry hives, event logs, caches, and application traces
• The Windows Operating System: How Windows generates persistent evidence and how artifacts are created, modified, and deleted
• DFIR Software and Hardware: The tools of the trade and how to select the right ones for a given investigation
• Evidence Acquisition: How to image drives, hash evidence, and preserve forensic integrity from the start

Who Should Take This Course

This course is designed for three audiences in particular:

Aspiring digital forensic examiners and incident responders: If you want to build a career in DFIR, this course gives you the foundational knowledge to get started on the right foot.

IT and security professionals expanding into DFIR: If you already work in security and want to add forensics to your skillset, this course bridges the gap between general security knowledge and hands-on investigative work.

Cybersecurity students building toward a forensics specialization: This course is the starting point for TCM Academy’s Windows Forensics learning path. Everything that follows builds on what you learn here.

Ready to Get Started?

Introduction to Windows Forensics is available now on the Academy. If you are already a TCM Academy subscriber, it is included in your membership.

Windows forensics is a skill that does not go out of style. As long as organizations run Windows systems, there will be a need for examiners who know how to investigate them. This course is where that journey starts.

We will see you in the course.

About TCM Security

TCM Security is a veteran-owned, cybersecurity services and education company founded in Charlotte, NC. Our services division has the mission of protecting people, sensitive data, and systems. With decades of combined experience, thousands of hours of practice, and core values from our time in service, we use our skill set to secure your environment. The TCM Security Academy is an educational platform dedicated to providing affordable, top-notch cybersecurity training to our individual students and corporate clients including both self-paced and instructor-led online courses as well as custom training solutions. We also provide several vendor-agnostic, practical hands-on certification exams to ensure proven job-ready skills to prospective employers.

Pentest Services: https://tcm-sec.com/our-services/
Follow Us: Email List | LinkedIn | YouTube | Twitter | Facebook | Instagram | TikTok
Contact Us: sales@tcm-sec.com

See How We Can Secure Your Assets

Let’s talk about how TCM Security can solve your cybersecurity needs. Give us a call, send us an e-mail, or fill out the contact form below to get started.

tel: (877) 771-8911 | email: info@tcm-sec.com