The document outlines the agenda for a digital forensics session. It will cover basic Windows forensics, media analysis concepts including audio, video and digital image forensics. Demonstrations will include Windows registry analysis using Frat, Windows password reset using Hiren's BootCD, volatile memory analysis using FTK, and a case study on Malaysia Airlines Flight 370. The session will also discuss data categories in digital forensics including data at rest, in user memory, and in transit.