Â

International Training

Gomex Institute of Technology

Â

Course Description:

EnCase® Advanced Computer Forensics

This course is intended for law enforcement officers, computer forensic examiners, corporate and private investigators, and network security personnel. A basic understanding of the concepts of computer forensics is required. The class curriculum builds upon the foundation of the EnCase® Computer Forensics II course, continuing with a focus on file and operating system examinations.

Delivery method: Group-Live. NASBA defined level: advanced.

Emphasis is placed on file and operating system artifacts. This course provides in-depth coverage on topics, including:

Students must understand evidence handling; the structure of the evidence file; creating and using case files; data acquisition methods including DOS based, hardware write protected, crossover cable and disk to disk; recovering deleted files and folders in a FAT environment; keyword searches across logical and physical media; creating and using EnCase bookmarks; file signatures and signature analysis; and locating and understanding Windows® artifacts. Delivery method: Group-Live. NASBA defined level: intermediate.

CPE Credits: 32Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â

Level: Advanced

Prerequisites: EnCase Computer Forensics II or EnCE Certification. Advance preparation for this course is not required.

Who should attend?

This course is intended for law enforcement officers, computer forensic examiners, corporate and private investigators, and network security personnel. A basic understanding of the concepts of computer forensics is required. The class curriculum builds upon the foundation of the EnCase® Computer Forensics II course, continuing with a focus on file and operating system examinations.


Students will Learn:

  • Analysis of NT File System (NTFS) artifacts in Windows operating systems
  • Advanced NTFS data recovery
  • Examination of the Microsoft Windows Registry
  • Analysis and recovery of Microsoft Windows event log files
  • Hardware and software RAID technology, acquisition and examination
  • Principles of encrypted data recovery
  • Understanding and examining Windows BitLockerâ„¢ volumes
  • Linux and UNIX operating and file system artifacts
  • Linux partition recovery
  • Data acquisition using Linux
  • Understanding and examination of Macintosh disk and file system structure
  • Forensic examination of Macintosh computers Macintosh OS X® operating system artifacts
  • Reinforcement of the EnCase® computer forensic methodology
  • Introduction to EnScript programming

The Gomex Difference

Gomex Institute of Technology is of the firm belief that students both locally and internationally deserve quality education.

Admissions

Apply now! We'll guide you through the process of the Standard or Mature Application and answer any questions you have along the way.

Application Resources

Improve your chances of entry. Check out our Application Resources and get information on applying, and more.

Gomex Institute of Technology
Relevant Knowledge

About

Gomex Institute of Technology is a training institution in Jamaica that focuses on computer security training, computer forensics, network training and a host of other training programmes.

Address

19 Parkington Plaza (Upstairs) Kingston 10

Contact

info@gomextech.com

(876) 622-7519

(876) 503-0363

(876) 622-7590

Mon-Fri: 8:00 am - 8:30 pm

Sat: 8:00 am - 5:30 pm

Please publish modules in offcanvas position.