1 (888) 999-9712 |
Customer Service
|
Customer Portal
Products
EnCase® Enterprise Platform
EnCase® eDiscovery
EnCase® Cybersecurity
EnCase® Forensic
EnCase® Portable
Tableau Forensic
Services
Professional Services
Advisory Program
Implementation
Casework
Security Assessment
Data Mapping
Legal Hold & ECA Jump-Start
Integration
Staff Augmentation
Training
Training Overview
Course Offerings
Course Schedule
Training Programs
Certification Programs
Certifying Organizations
Training Partners
Resources
Webinars & Demos
Whitepapers & Briefs
Events Calendar
Digital Forensics Today Blog
Threat Response Blog
Guidance on E-Discovery Blog
Real eDiscovery Magazine
EnCase® Legal Journal
CEIC Conference 2012
CISO Conference 2012
Customer Center
Customer Service
Technical Support
CEIC Conference
Training
Professional Services
Product Registration
Partners
Channel Partner Program
Channel Partners
Channel Partner Portal
Service Providers
Law Firms
About Us
Company Overview
Management
eDiscovery Legal Team
Newsroom
Careers
Investors
Contact Us
Home
/
This hands-on course is designed for investigators with strong computer skills, prior computer forensics training, and experience using the EnCase® Forensic version 7 (EnCase v7). This course builds upon the skills covered in the EnCase® v7 Computer Forensics I course and enhances the examiner's ability to work efficiently through the use of the unique features of EnCase v7. Students must understand evidence handling, the structure of the evidence file, creating and using case files, and data acquisition methods, including DOS-based, hardware write protected, crossover cable, and disk-to-disk. It is also important that the students are familiar with the methods for recovering deleted files and folders in a FAT environment, conducting keyword searches across logical and physical media, creating and using EnCase® bookmarks, file signatures and signature analysis, and locating and understanding Windows® artifacts.
*Students must understand evidence handling; the structure of the evidence file; creating and using case files; data acquisition methods including DOS based, hardware write protected, crossover cable and disk to disk; recovering deleted files and folders in a FAT environment; keyword searches across logical and physical media; creating and using EnCase bookmarks; file signatures and signature analysis; and locating and understanding Windows® artifacts. Delivery method: Group-Live. NASBA defined level: intermediate.
Focusing on commonly conducted investigations, students will learn about the following:
32
Intermediate
EnCase® v6 Computer Forensics I
Advance preparation for this course is not required.
This course is intended for IT security professionals, litigation support and forensic investigators. Participants should have attended the EnCase® Computer Forensics I.
Tuition is $2,495.00 per student.
See Class Details for Actual Tuition Costs
How to locate and recover deleted partitions
How to deal with compound file types
Students will learn about the Windows® Registry
How to determine time zone offsets and properly adjust case settings
Students will gain an overview of the NT file system
Students will learn how to use the EnCase® Evidence Processor
How to recover deleted folders and conduct an index search
The differences between single and logical evidence files and how to create and use of logical evidence files
Students will gain an understanding of the EnCase® Virtual File System (VFS) Module and EnCase® Physical Disk Emulator (PDE) Module
How to conduct keyword searches and advanced searches using GREP
How to identify Windows 7 operating system artifacts, such as link files, Recycle Bin, and user folders
Students will learn how to examine email and Internet artifacts
How to create and use conditions for effective searching
How to conduct a search for email and email attachments
How to recover artifacts, such as swap files, file slack, and spooler files
How to recover data from the Recycle Bin
How to prepare reports and evidence for presentation in court
SELECT LOCATION
SELECT DATE
COURSE INFORMATION
Chicago, IL
George Mason University (BitSec)
Hong Kong SWP
Houston, TX
Kingston, Jamaica
Markham, Ontario
Melbourne, Australia (invest-e-gate)
Orlando, FL
Ottawa, ON Canada
Pasadena, CA
Salt Lake City, UT
Seoul, South Korea
Switzerland (City TBA)
The Woodlands, TX
United Kingdom
Veenendaal, The Netherlands
Washington, DC
DIRECTIONS
For more information regarding refund concerns and program cancellation policies, contact Guidance Software Training at
training@guidancesoftware.com
or call 626.229.9191 ext. 566.