DF210 - Building an Investigation with EnCase Forensic Training

 DF210 - Building an Investigation with EnCase Forensic Training

As an Authorized Training Partner of Guidance Software Inc (GSI) in Singapore, Bounga Informatics provides certified standard digital forensic training:

DF210 - Building an Investigation with EnCase Forensic Training
**Formerly EnCase v7 Computer Forensics II training

This hands-on course is designed for investigators with strong computer skills, prior computer forensics training, and experience using the EnCase® Forensic. This course builds upon the skills covered in the DF120 - Foundations of Digital Forensics course and enhances the examiner's ability to work efficiently through the use of the unique features of EnCase®. It is essential that students fully understand evidence handling, the structure of the evidence file, creating and using case files, and data acquisition methods, including DOS-based, hardware write protected, crossover cable, and disk-to-disk acquistion. It is also important that the students are familiar with the methods for recovering deleted files and folders in a FAT environment, conducting keyword searches across logical and physical media, creating and using EnCase® bookmarks, file signatures and signature analysis, and locating and understanding Windows® artifacts.

Focusing on commonly conducted investigations, students will learn about the following:

  • How to recover encrypted information particularly that which was encrypted using Windows BitLocker™
  • How to locate and recover deleted partitions
  • Students will learn how to deal with compound file types
  • Students will learn about the Windows® Registry
  • How to determine time zone offsets and properly adjust case settings
  • How to create and use conditions for effective searching
  • Students will learn how to use the EnCase® Evidence Processor
  • Students will gain an overview of the FAT, ExFAT, and NT file system
  • How to conduct keyword searches and advanced searches using GREP
  • The differences between single and logical evidence files and how to create and use logical evidence files
  • How to identify Windows operating system artifacts, such as link files, Recycle Bin, and user folders
  • How to recover data from the Recycle Bin
  • How to recover artifacts, such as swap files, file slack, and spooler files
  • How to conduct a search for e-mail and e-mail attachments
  • Students will learn how to examine e-mail and Internet artifacts
  • How to identify and recover data relating to the use of removable USB devices

Who Should Attend:
​This course is intended for IT security professionals, litigation support, and forensic investigators. Participants should have attended the Guidance Software course, DF120 – Foundations of Digital Forensics or EnCase v7 Computer Forensics I

This training will be delivered by high qualified instructors in Computer Forensics field.

USD2,750 or SGD3,850 per seat

Subscribe to Syndicate