13 cubed Windows Endpoint Forensics

URL - https://training.13cubed.com/investigating-windows-endpoints

Instructor - Richard Davis

This is one of the best courses I have completed so far. It teaches you how to investigate windows event logs, the registry and so much more. 

Richard Davis is the instructor and has a lot of experience in the field. He has ran courses for various companies like the SANS Institute. With the windows endpoint course he is very engaging and delivers this course in a way which keeps you focused.  

This course is set up so you can follow along and carry out the work at the same time as Richard does it. It has a lot of information but it is stuff that will put you on the front foot when learning how to investigate. 

The exam is 80 questions with a pass mark of 70 points. It has theory as well as practical questions. It is an open book so you can have your notes. It is not an easy exam but if you take good notes and the time to go through all the sections a few times you can pass the first go. 

I recommend this as the first course you should do as it covers most areas you will need when starting in a SOC.