Nuix Workstation Forensic Practitioner Core and Windows

listado completo de cursos

Modules

MODULE 1: Introduction & Product overview

Class introductions
Class objectives
Nuix history
The Forensic process
Overview of Nuix technology
Balancing system resources
Nuix Workstation installation
Nuix Imager
Nuix support

MODULE 2: Nuix Imager, Nuix Workstation Cases & Data Processing

Review forensic baseline
Utilizing Nuix Imager
Nuix Workstation case types
Processing profiles
- Processing settings
Adding case evidence
Processing statistics

MODULE 3: User Interface, Filters & Basic Searching

Nuix Workstation overview
Menu items
Tab functions
Document Navigator
Results pane
Review pane
Reset views

MODULE 4: Excluding Irrelevant Artifacts

Data analysis & culling
Metadata profiles
Flag ignorable items
Custodian management
Checking items
Tagging items
Comments
Deduplication
Exclusions

MODULE 5: Metadata

Overview of Metadata
Metadata types in Nuix Workstation
Filter and Search Metadata
Date and Time Metadata
- Communication date
- Source Timezone
Image Metadata
MS and Open Office Document Metadata
Derived Metadata fields
Custom Metadata fields

MODULE 6: File & Security Systems

Disks, partitions & File systems
The baseline PC boot process
Reparse points & Symbolic links
Windows File system & partition structure
Windows Security & identify foundations

MODULE 7: Recovering Data

Understanding data deletion
The Recycle Bin
Unallocated space
Slack space
Windows 10 Recycle Bin
- Processing
Understanding data deletion
The Recycle Bin
Unallocated space
Slack space
Windows 10 Recycle Bin
- Processing
- Tagging
- $I File
Windows XP Recycle Bin
- Recycler
- INFO2 File
Recovering Unallocated and Slack space
- Carve
- Work with results
- Exclusions

MODULE 8: Event Logs

What are Windows Event Logs and how they are Formatted?
- Where are they stored and backed up?
- Windows Event Viewer
Windows 10 Event Logs
- Log types
- Log views
- Using the Event Viewer
- Using Nuix Workstation
- Create Metadata Profiles for review
- Search and Filter
Windows XP Event Logs
- Processing in Nuix Workstation
- Create Metadata Profiles for review
- Search and Filter

MODULE 9: Registry Basics

Registry overview
Understanding the NT registry files
Understanding forensic usefulness of browser data
Processing the registry
- Smart processing
Reviewing comply useful SAM, system & software registry artifacts

MODULE 10: Link & Jump Files

Overview of Windows shortcuts
Link files & jump lists
Distributed link tracking service
File system artifacts
Processing Link files in Nuix
Windows 8 immersive app link files

MODULE 11: Emails

Why is email important?
Email transport and structure standards
Email transport protocol
Email store processing
Exchange server databases
Online web mail
Processing settings
Filtering emails
Metadata Profiles for emails
Search and review emails
Email deduplication
Cluster Runs
Export emails

MODULE 12: Browsers

The Main Browsers
- IE, Firefox & Chrome
Examining cached data, User Settings & History
Processing browser data in Nuix
Searching & filtering browser data

MODULE 13: Prefetch & Superfetch

Overview of PreFetch and SuperFetch
Settings & Configuration
Prefetch files
Layout.INI files
Examining specific event types

listado completo de cursos