DF210 - Building an Investigation with EnCase Forensic

  • Description

    This hands-on course is designed for investigators with strong computer skills, prior computer forensics training, and experience using EnCase® Forensic (EnCase).

  • Date

    Unknown
  • Duration

    4 days
  • Language

    English
  • Deadline

    Unknown
  • Prospects

    3
  • Status

    waiting list
  • Tutor

    Manfred Hatzesberger, Guidance Software
  • Location

    Unknown
  • Fees

    CHF 4'310.- incl. VAT

Formerly EnCase Computer Forensics II.

This course builds upon the skills covered in the DF120 – Foundations of Digital Forensics course and enhances the examiner’s ability to work efficiently through the use of the unique features of EnCase. Students must understand evidence handling, the structure of the evidence file, creating and using case files, and data acquisition methods, including DOS-based, hardware write-protected, crossover cable, and disk-to-disk. It is also important that students are familiar with the methods for recovering deleted files and folders in a FAT environment, conducting keyword searches across logical and physical media, creating and using EnCase® bookmarks, file signatures and signature analysis, and locating and understanding Windows® artifacts.

Focusing on commonly conducted investigations, students will learn about the following:

  • How to recover encrypted information, particularly that which was encrypted using Windows BitLocker™
  • How to locate and recover deleted partitions
  • How to deal with compound file types
  • The Windows® Registry
  • How to determine time zone offsets and properly adjust case settings
  • How to create and use conditions for effective searching
  • How to use the EnCase® Evidence Processor
  • An overview of the FAT, ExFAT, and NT file systems
  • How to conduct keyword searches and advanced searches using GREP
  • The differences between single and logical evidence files and how to create and use logical evidence files
  • How to identify Windows operating system artifacts, such as link files, Recycle Bin, and user folders
  • How to recover data from the Recycle Bin
  • How to recover artifacts, such as swap files, file slack, and spooler files
  • How to conduct a search for e-mail and e-mail attachments
  • How to examine e-mail and Internet artifacts
  • How to identify and recover data relating to the use of removable USB devices
