Course Description:
This course is intended for law enforcement officers, computer forensic examiners, corporate and private investigators, and network security personnel. A basic understanding of the concepts of computer forensics is required. The class curriculum builds upon the foundation of the EnCase® Computer Forensics II course, continuing with a focus on file and operating system examinations.
Delivery method: Group-Live. NASBA defined level: advanced.
Emphasis is placed on file and operating system artifacts. This course provides in-depth coverage on topics, including:
Students must understand evidence handling; the structure of the evidence file; creating and using case files; data acquisition methods including DOS based, hardware write protected, crossover cable and disk to disk; recovering deleted files and folders in a FAT environment; keyword searches across logical and physical media; creating and using EnCase bookmarks; file signatures and signature analysis; and locating and understanding Windows® artifacts. Delivery method: Group-Live. NASBA defined level: intermediate.
CPE Credits: 32
Level: Advanced
Prerequisites: EnCase Computer Forensics II or EnCE Certification. Advance preparation for this course is not required.
Who should attend?
This course is intended for law enforcement officers, computer forensic examiners, corporate and private investigators, and network security personnel. A basic understanding of the concepts of computer forensics is required. The class curriculum builds upon the foundation of the EnCase® Computer Forensics II course, continuing with a focus on file and operating system examinations.
Students will learn:
- Analysis of NT File System (NTFS) artifacts in Windows operating systems
- Advanced NTFS data recovery
- Examination of the Microsoft Windows Registry
- Analysis and recovery of Microsoft Windows event log files
- Hardware and software RAID technology, acquisition and examination
- Principles of encrypted data recovery
- Understanding and examining Windows BitLocker™ volumes
- Linux and UNIX operating and file system artifacts
- Linux partition recovery
- Data acquisition using Linux
- Understanding and examination of Macintosh disk and file system structure
- Forensic examination of Macintosh computers
- Macintosh OS X® operating system artifacts
- Reinforcement of the EnCase® computer forensic methodology
- Introduction to EnScript programming