1 (888) 999-9712 |
Customer Service
|
Customer Portal
Products
EnCase® Enterprise Platform
EnCase® eDiscovery
EnCase® Cybersecurity
EnCase® Forensic
EnCase® Portable
Tableau Forensic
Services
Professional Services
Advisory Program
Implementation
Casework
Security Assessment
Data Mapping
Legal Hold & ECA Jump-Start
Integration
Staff Augmentation
Training
Training Overview
Course Offerings
Course Schedule
Training Programs
Certification Programs
Certifying Organizations
Training Partners
Resources
Webinars & Demos
Whitepapers & Briefs
Events Calendar
Digital Forensics Today Blog
Threat Response Blog
Guidance on E-Discovery Blog
Real eDiscovery Magazine
EnCase® Legal Journal
CEIC Conference 2012
CISO Conference 2012
Customer Center
Customer Service
Technical Support
CEIC Conference
Training
Professional Services
Product Registration
Partners
Channel Partner Program
Channel Partners
Channel Partner Portal
Service Providers
Law Firms
About Us
Company Overview
Management
eDiscovery Legal Team
Newsroom
Careers
Investors
Contact Us
Home
/
This hands-on course involves technical information and practical exercises about the NT File System (NTFS). The class addresses the technical aspects of NTFS, including an in-depth analysis of the Master File Table ($MFT) and its components. Students will locate and recover valuable NTFS artifacts and understand their evidentiary value. The structure of the NTFS directory will be examined and parsed. Students will recover encrypted passwords, identify alternate data streams, identify security permissions for users, and determine if other storage media was connected to an NTFS volume through reparse points. In addition, students will examine a partially wiped drive and recover files from the partially wiped NTFS volume using their new knowledge and skills.
Delivery method: Group-Live. NASBA defined level: advanced.
The meaning and relevance of the artifacts that administratively document NTFS are emphasized. The course provides in-depth coverage on artifacts, including:
32
Expert
EnCase Computer Forensics II or EnCE Certification. Advance preparation for this course is not required.
This course is intended for law enforcement officers, computer forensic examiners, corporate and private investigators, and network security personnel. A basic understanding of the concepts of computer forensics and Internet-related access is required. The class curriculum builds upon the foundation of the EnCase® Computer Forensics II course, continuing with a focus on NTFS file system examinations.
Tuition is $2,495.00 USD per student.
See Class Details for Actual Tuition Costs
Components of the NTFS Volume Boot Record and the Master File Table
Definitions and purpose of NTFS internal system files
Characteristics and storage of NTFS resident and non-resident attributes
Storage of alternate data streams and reparse points
Addressing NTFS user account information, encryption and file system security
Resolving Windows® Vista operating system symbolic links
Linking media to a NTFS volume
Addressing technical issues associated with NTFS
Advanced NTFS data recovery
SELECT LOCATION
SELECT DATE
COURSE INFORMATION
Chicago, IL
Houston, TX
Pasadena, CA
Switzerland (City TBA)
United Kingdom
Washington, DC
DIRECTIONS
For more information regarding refund concerns and program cancellation policies, contact Guidance Software Training at
training@guidancesoftware.com
or call 626.229.9191 ext. 566.