Course Description:
This hands-on course involves practical exercises and real-life simulations. The class provides participants with an understanding of the proper handling of digital evidence from the initial seizure of the computer and/or media to acquisition, and then progresses to the analysis of data. It concludes with archiving and validating the data.
CPE Credits: 32Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â
Level: Introductory
Prerequisites: Â Basic computer skills. Advance preparation for this course is not required.
Who should attend?
This course is intended for IT security professionals, litigation support and forensic investigators. Participants may have minimal computer skills and may be new to the field of computer forensics.
Students will Learn:
- What constitutes digital evidence and how computers work
- An overview of the EnCase Computer Forensic Methodology
- Basic structures of the FAT and NTFS file systems
- How to create a case and how to preview/acquire media
- How to conduct basic keyword searches
- How to analyze file signatures and view files
- How to restore evidence
- How to archive files and data created through the analysis process
- How to prepare evidence for presentation in court
- How to verify the evidence file