Building an Investigation with EnCase

CPE: 32 créditos. Nivel: intermedio.

Método de enseñanza: grupo.

Nivel NASBA definido: intermedio.

Código: DF210.

Duración: 4 días.

Para más información, descargue el programa completo de los cuatro días en PDF:

Temario

About the course

This hands-on course is designed for investigators with solid computer skills, prior computer forensics training, and experience using OpenText™ EnCase™ Forensic (EnCase). This course builds upon the skills covered in the DF120 – Foundations of Digital Forensics course and enhances the examiner's ability to work efficiently through the use of the unique features of EnCase. This course will build an investigation using analysis techniques, such as recovering volumes, registry analysis, and examining compound files. The course progresses through the analysis of Windows artifacts, shortcut link files, Recycle Bin, stored internet data, and email. This course will assist criminal, corporate, and cybersecurity analysts.

Students must understand EnCase Forensic concepts, the structure of the evidence file, creating and using case files, and data acquisition and basic analysis methods. It is also important that the students are familiar with the methods for recovering deleted files and folders in a FAT environment, conducting indexed queries and keyword searches across logical and physical media, creating and using EnCase bookmarks, file signature analysis, and exporting evidence.

Audience

This course is intended for cybersecurity professionals, litigation support, and forensic investigators.

Prerequisites

Participants should have attended the EnCase course, DF120 – Foundations in Digital Forensics with EnCase or EnCase v7 Computer Forensics I (offered prior to June, 2016).

Summary

Focusing on commonly conducted investigations, students will learn about the following: