EnCase v7 Computer Forensic II


EnCase® v7 Computer Forensics II  (CF2)

This hands-on course is designed for investigators with strong computer skills, prior computer forensics training, and experience using the EnCase® Forensic version 7 (EnCase v7). This course builds upon the skills covered in the EnCase® v7 Computer Forensics I course and enhances the examiner's ability to work efficiently through the use of the unique features of EnCase v7.

Students must understand evidence handling, the structure of the evidence file, creating and using case files, and data acquisition methods, including DOS-based, hardware write protected, crossover cable, and disk-to-disk. It is also important that the students are familiar with the methods for recovering deleted files and folders in a FAT environment, conducting keyword searches across logical and physical media, creating and using EnCase® bookmarks, file signatures and signature analysis, and locating and understanding Windows® artifacts.
Delivery method: Group-Live. NASBA defined level: intermediate.




Focusing on commonly conducted investigations, students will learn about the following:

    How to recover encrypted information particularly that which was encrypted using Windows BitLocker™
    How to locate and recover deleted partitions
    How to deal with compound file types
    Students will learn about the Windows® Registry
    How to determine time zone offsets and properly adjust case settings
    Students will gain an overview of the NT file system
    Students will learn how to use the EnCase® Evidence Processor
    How to recover deleted folders and conduct an index search
    The differences between single and logical evidence files and how to create and use logical evidence files
    Students will gain an understanding of the EnCase® Virtual File System (VFS) Module

       and EnCase® Physical Disk Emulator (PDE) Module
    How to conduct keyword searches and advanced searches using GREP
    How to identify Windows 7 operating system artifacts, such as link files, Recycle Bin, and user folders
    Students will learn how to examine e-mail and Internet artifacts
    How to create and use conditions for effective searching
    How to conduct a search for e-mail and e-mail attachments
    How to recover artifacts, such as swap files, file slack, and spooler files
    How to recover data from the Recycle Bin




Training Schedule & Training Fees


EnCase v7 Computer Forensics II (CF2) Training
Time: 09:00 to 18:00   <Four-Days>
Venue: Hong Kong
Training Fees: HK$ 22,000 per student


Medium of instruction: Taught in “Cantonese” Language with English terms
Schedule : 17-20 May. 2016


Medium of instruction: Taught in English Language
Schedule : 24-27 May 2016



​EnCase v7 Computer Frorensics I


Who Should Attend:

This course is intended for IT security professionals, litigation support and forensic investigators. Participants should have attended the EnCase® Computer Forensics I course.






•  Limited offer, first come first served.
•  A Performer Ltd reserves the right to change the promotion detail without prior notice.
•  A Performer Ltd reserves the right to final decision.   
•  The course will not commence unless there is a sufficient number of enrolled students.
•  All fees paid are neither refundable nor transferable.



Leading to the EnCase Certified Examiner (EnCE)

The EnCase® Certified Examiner (EnCE®) program certifies both public and private sector professionals in the use of Guidance Software's EnCase® computer forensic software. EnCE® certification acknowledges that professionals have mastered computer investigation methodology as well as the use of EnCase® software during complex computer examinations. Recognized by both the law enforcement and corporate communities as a symbol of in-depth computer forensics knowledge, EnCE certification illustrates that an investigator is a skilled computer examiner.