DF210 - Building an Investigation with EnCase OnDemand
Duration: 32 Hours
Formerly EnCase v7 Computer Forensics II
This OnDemand course is designed for investigators with solid computer skills, prior computer forensics training, and experience using OpenText™ EnCase™ Forensic (EnCase). This course builds upon the skills covered in the DF120 – Foundations of Digital Forensics course and enhances the examiner's ability to work efficiently through the use of the unique features of EnCase. This course will build an investigation using analysis techniques, such as recovering volumes, registry analysis, and examining compound files. The course progresses through the analysis of Windows artifacts, shortcut link files, Recycle Bin, stored internet data, and email. This course will assist criminal, corporate, and cybersecurity analysts.
Students must understand EnCase forensic concepts, the structure of the evidence file, creating and using case files, and data acquisition and basic analysis methods. It is also important that the students are familiar with the methods for recovering deleted files and folders in a FAT environment, conducting indexed queries and keyword searches across logical and physical media, creating and using EnCase bookmarks, file signature analysis, and exporting evidence.
CPE Credits - 0
Audience
This course is intended for cybersecurity professionals, litigation support, and forensic investigators.
Prerequisites
Basic computer skills. Advance preparation for this course is not required.
Summary
Focusing on commonly conducted investigations, students will learn about the following:
How to recover encrypted information particularly that which was encrypted using Windows BitLocker™
How to locate and recover deleted partitions
Students will learn how to deal with compound file types
Students will learn about the Windows® Registry
How to determine time zone offsets and properly adjust case settings
How to create and use conditions for effective searching
Students will learn how to use the OpenText™ EnCase™ Evidence Processor
Students will gain an overview of the FAT, ExFAT, and NT file system
How to conduct keyword searches and advanced searches using GREP
The differences between single and logical evidence files and how to create and use of logical evidence files
How to identify Windows operating system artifacts, such as link files, Recycle Bin, and user folders
How to recover data from the Recycle Bin
How to recover artifacts, such as swap files, file slack, and spooler files
How to conduct a search for email and email attachments
Students will learn how to examine email and Internet artifacts
How to identify and recover data relating to the use of removable USB devices
System Requirements
1. A desktop/laptop computer.
Microsoft® Windows operating system is recommended.
2. Internet access
3. Latest Adobe® Flash Player software http://www.adobe.com
4. Latest Adobe Reader software http://www.adobe.com
5. Some courses offer the ability to conduct optional practical exercises on a remote workstation. Internet Explorer and Firefox are recommended.
***Passport students may only be registered in two (2) OnDemand courses concurrently
You are registering for an online class. EnCase OnDemand Courses can be accessed online 24/7.
The course content is available for 60 days once registered.
Terms & Conditions
Training materials for this course, including the DF120 - Foundations in Digital Forensics with EnCase OnDemand student manual, will be sent electronically. MANUALS ARE AVAILABLE ONLY IN NON-PRINTABLE EBOOK FORMAT. PHYSICAL COPIES OF MANUALS ARE NOT AVAILABLE WITH TRAINING OnDEMAND COURSES.