Course Description:
This hands-on course focuses on the use of EnCase Enterprise to conduct investigations in a live network environment as well as the administration and advanced use of EnCase Enterprise. Students will learn how to use EnCase Enterprise to address internal investigations, electronic discovery, and audits in a manner consistent with recognized standards as well as integrate EnCase Enterprise with intrusion detection systems.
The students will learn about EnScript® programming for the creation and use of filters and conditions. The Snapshot function will be introduced and used throughout the course, giving the students a thorough familiarity with this key feature. The attendees will learn about preferred enterprise acquisition techniques and eDiscovery collection concepts. The students will use their new-found knowledge and skills to identify and decrypt encrypted files. The students will expand on their knowledge of the function of the EnCase Enterprise servlet.
Delivery method: Group-Live. NASBA defined level: basic to intermediate.
CPE Credits: 32
Level: Introductory to Intermediate
Prerequisites: None. It is highly recommended that students attend EnCase® Computer Forensics I and II or the five-day implementation training conducted by Guidance's Professional Services Division. This live course is designed for senior corporate security professionals, auditors, legal professionals and investigators. Students should currently be working with EnCase® Enterprise or employed by an organization that plans to purchase EnCase Enterprise. This course also covers the features and functionality of our Field Intelligence Model product.
Who should attend?
This course is intended for senior corporate security professionals, auditors, legal professionals, corporate and private investigators, and network security personnel. A basic understanding of the concepts of computer forensics is required. The class curriculum builds upon the foundation of the EnCase Computer Forensics II, continuing with a focus on the use of EnCase Enterprise for live, enterprise-wide investigations.
Students will Learn:
- Students will learn how to install and configure Secure Authentication for EnCase® (SAFE)
- Students will learn how data flows in the EnCase Enterprise environment. The built-in security features of the product will also be discussed
- Students will learn about the administration of the SAFE, including the management of network nodes (clients) and Enterprise roles and users
- Students will learn how to deploy servlets to supported operating systems (Windows®, *nix, Mac)
- Students will learn enterprise-wide versus ad-hoc servlet deployment methods and benefits
- Students will optimize network acquisitions in EnCase Enterprise version 6 security
- Students will learn how Snapshot and the capture of volatile data can be used to gain a more complete picture of the status of a machine or machines during an incident investigation
- Students will learn how using Snapshot with Application Descriptors and Machine Profiles can streamline incident investigations, quickly identifying potentially rogue applications on the network
- Students will learn to understand the role of volatile data in network investigations and security
- Students will learn to use EnCase® Snapshot to capture and analyze enterprise-wide volatile data
- Students will learn how to create filters and conditions to streamline investigations of all kinds
- Students will utilize EnCase Enterprise for compromise assessment and process analysis
- Students will learn to automate the eDiscovery process using EnCase Enterprise
- Students will understand how EnCase Enterprise can rapidly identify and retain data across the network using a set of criteria provided by the examiner
- Students will learn the advanced use of the servlet and servlet deployment
- Students will learn how to prepare evidence for presentation in court