EnCase v7 Computer Forensic II
EnCase® v7 Computer Forensics II (CF2)
This hands-on course is designed for investigators with strong computer skills, prior computer forensics training, and experience using the EnCase® Forensic version 7 (EnCase v7). This course builds upon the skills covered in the EnCase® v7 Computer Forensics I course and enhances the examiner's ability to work efficiently through the use of the unique features of EnCase v7.
Students must understand evidence handling, the structure of the evidence file, creating and using case files, and data acquisition methods, including DOS-based, hardware write protected, crossover cable, and disk-to-disk. It is also important that the students are familiar with the methods for recovering deleted files and folders in a FAT environment, conducting keyword searches across logical and physical media, creating and using EnCase® bookmarks, file signatures and signature analysis, and locating and understanding Windows® artifacts.
Delivery method: Group-Live. NASBA defined level: intermediate.
Focusing on commonly conducted investigations, students will learn about the following:
How to recover encrypted information particularly that which was encrypted using Windows BitLocker™
How to locate and recover deleted partitions
How to deal with compound file types
Students will learn about the Windows® Registry
How to determine time zone offsets and properly adjust case settings
Students will gain an overview of the NT file system
Students will learn how to use the EnCase® Evidence Processor
How to recover deleted folders and conduct an index search
The differences between single and logical evidence files and how to create and use logical evidence files
Students will gain an understanding of the EnCase® Virtual File System (VFS) Module
and EnCase® Physical Disk Emulator (PDE) Module
How to conduct keyword searches and advanced searches using GREP
How to identify Windows 7 operating system artifacts, such as link files, Recycle Bin, and user folders
Students will learn how to examine e-mail and Internet artifacts
How to create and use conditions for effective searching
How to conduct a search for e-mail and e-mail attachments
How to recover artifacts, such as swap files, file slack, and spooler files
How to recover data from the Recycle Bin
Training Schedule & Training Fees
EnCase v7 Computer Forensics II (CF2) Training
Time: 09:00 to 18:00 <Four-Days>
Venue: Hong Kong
Training Fees: HK$ 22,000 per student
Medium of instruction: Taught in “Cantonese” Language with English terms
Schedule : 17-20 May. 2016
Medium of instruction: Taught in English Language
Schedule : 24-27 May 2016
EnCase v7 Computer Frorensics I
Who Should Attend:
This course is intended for IT security professionals, litigation support and forensic investigators. Participants should have attended the EnCase® Computer Forensics I course.
• Limited offer, first come first served.
• A Performer Ltd reserves the right to change the promotion detail without prior notice.
• A Performer Ltd reserves the right to final decision.
• The course will not commence unless there is a sufficient number of enrolled students.
• All fees paid are neither refundable nor transferable.
The EnCase® Certified Examiner (EnCE®) program certifies both public and private sector professionals in the use of Guidance Software's EnCase® computer forensic software. EnCE® certification acknowledges that professionals have mastered computer investigation methodology as well as the use of EnCase® software during complex computer examinations. Recognized by both the law enforcement and corporate communities as a symbol of in-depth computer forensics knowledge, EnCE certification illustrates that an investigator is a skilled computer examiner.