EnCase 7 - Basic + Intermediate Topics



Similar documents
Just EnCase. Presented By Larry Russell CalCPA State Technology Committee May 18, 2012

Forensic Toolkit. Sales and Promotional Summary ACCESSDATA, ON YOUR RADAR

Introduction to Computer Forensics ITP 499 (3 Units)

COMPUTER FORENSICS (EFFECTIVE ) ACTIVITY/COURSE CODE: 5374 (COURSE WILL BE LISTED IN THE CATE STUDENT REPORTING PROCEDURES MANUAL)

Computer Forensics. Securing and Analysing Digital Information

Computer Forensics Principles and Practices

Windows 7: Current Events in the World of Windows Forensics

2! Bit-stream copy. Acquisition and Tools. Planning Your Investigation. Understanding Bit-Stream Copies. Bit-stream Copies (contd.

Course Title: Computer Forensic Specialist: Data and Image Files

CCE Certification Competencies

Discovery of Electronically Stored Information ECBA conference Tallinn October 2012

Can Computer Investigations Survive Windows XP?

Paraben s P2C 4.1. Release Notes

Digital Forensics. Module 4 CS 996

EnCase v7 Essential Training. Sherif Eldeeb

RECOVERING FROM SHAMOON

Maintaining a Microsoft Windows Server 2003 Environment

Digital Forensics, ediscovery and Electronic Evidence

Technical Procedure for Evidence Search

Comparing and Contrasting Windows and Linux Forensics. Zlatko Jovanovic. International Academy of Design and Technology

The following features have been added to FTK with this release:

File System Forensics FAT and NTFS. Copyright Priscilla Oppenheimer 1

Ans.: You can find your activation key for a Recover My Files by logging on to your account.

Computer Forensics and Investigations Duration: 5 Days Courseware: CT

information security and its Describe what drives the need for information security.

Determining VHD s in Windows 7 Dustin Hurlbut

EnCase Portable. Extend Your Forensic Reach with Powerful Triage & Data Collection

BitLocker To Go User Guide

Operating Systems Forensics

Forensically Determining the Presence and Use of Virtual Machines in Windows 7

A+ Guide to Software: Managing, Maintaining, and Troubleshooting, 5e. Chapter 3 Installing Windows

Introduction to Network Security Comptia Security+ Exam. Computer Forensics. Evidence. Domain 5 Computer Forensics

UNDELETE Users Guide

Maintaining a Microsoft Windows Server 2003 Environment

SSD Guru. Installation and User Guide. Software Version 1.4

1! Registry. Windows System Artifacts. Understanding the Windows Registry. Organization of the Windows Registry. Windows Registry Viewer

New Technologies File System (NTFS) Priscilla Oppenheimer. Copyright 2008 Priscilla Oppenheimer

Advanced Methods and Techniques

MANAGING DISK STORAGE

Installing, Configuring, and Managing a Microsoft Active Directory

EC-Council Ethical Hacking and Countermeasures

QUICK RECOVERY FOR RAID

Course: Fundamentals of Microsoft Server 2008 Active Directory

ITU Session Four: Device Imaging And Analysis. Mounir Kamal Q-CERT

Digital Forensic Tool for Decision Making in Computer Security Domain

Networking Lab - Vista Public Network Sharing

NSS Volume Data Recovery

Acronis Disk Director 11 Home. User's Guide

Retrieving Internet chat history with the same ease as a squirrel cracks nuts

Recover data from a defective Fujitsu desktop drive

Retrospect 7.7 User s Guide Addendum

USB Bare Metal Restore: Getting Started

DIGIPASS CertiID. Getting Started 3.1.0

ACE STUDY GUIDE. 3. Which Imager pane shows information specific to file systems such as HFS+, NTFS, and Ext2? - Properties Pane

Backup Exec 2010: Archiving Options

UNDELETE Users Guide

PTK Forensics. Dario Forte, Founder and Ceo DFLabs. The Sleuth Kit and Open Source Digital Forensics Conference

UNDELETE 7.0 USER GUIDE

Excerpts from EnCase Introduction to Computer Forensics

EUCIP IT Administrator - Module 2 Operating Systems Syllabus Version 3.0

ENTERPRISE COMPUTER INCIDENT RESPONSE AND FORENSICS TRAINING

User Manual. Published: 12-Mar-15 at 09:36:51

MSc Computer Security and Forensics. Examinations for / Semester 1

A+ Guide to Managing and Maintaining Your PC, 7e. Chapter 16 Fixing Windows Problems

Hands-On How-To Computer Forensics Training

Optional Lab: Data Backup and Recovery in Windows Vista

Microsoft" Windows8 Home Server

NE-2273B Managing and Maintaining a Microsoft Windows Server 2003 Environment

Fundamental Theory & Practice of Digital Forensics. Training Course

IT Essentials v4.1 LI Upgrade and configure storage devices and hard drives. IT Essentials v4.1 LI Windows OS directory structures

Table of Contents. TPM Configuration Procedure Configuring the System BIOS... 2

Microsoft Office Outlook 2013: Part 1

Forensics source: Edward Fjellskål, NorCERT, Nasjonal sikkerhetsmyndighet (NSM)

Kaseya 2. User Guide. Version 7.0. English

Computer Forensic Capabilities

Guide to Computer Forensics and Investigations, Second Edition

Online Backup and Recovery Manager Setup for Microsoft Windows.

Dell Active Administrator 8.0

Chapter Contents. Operating System Activities. Operating System Basics. Operating System Activities. Operating System Activities 25/03/2014

Chapter 5: Fundamental Operating Systems

An Application Footprint Reference Set: Tracking the Lifetime of Software

HW 07: Ch 12 Investigating Windows

Course 6425C: Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services

Computer Forensic Specialist. Course Title: Computer Forensic Specialist: Storage Device & Operating Systems

EnCase Forensic Product Overview

Windows Data Recovery Home 6.0

Of the programs offered by IACIS, the Basic Computer Forensic Examiner (BCFE) Training Program is at the forefront.

Overview. Timeline Cloud Features and Technology

Digital Forensics. Tom Pigg Executive Director Tennessee CSEC

Digital Forensics and Cyber Crime Datamining

Comodo BackUp Software Version 4.4

Managing Applications, Services, Folders, and Libraries

InstaFile. Complete Document management System

Automating the Computer Forensic Triage Process With MantaRay

Mobile Device Security and Encryption Standard and Guidelines

Web Browser Session Restore Forensics A valuable record of a user s internet activity for computer forensic examinations

CLOUD STORAGE FORENSICS MATTIA EPIFANI SANS EUROPEAN DIGITAL FORENSICS SUMMIT PRAGUE, 7 OCTOBER 2013

A Day in the Life of a Cyber Tool Developer

Microsoft Office Outlook 2010: Level 1

Transcription:

EnCase 7 - Basic + Intermediate Topics Course Objectives This 4 day class is designed to familiarize the student with the many artifacts left behind on Windows based media and how to conduct a forensic examination with EnCase v. 7. Operating systems analyzed: Windows XP Windows 7 The course will focus on the traditional artifacts associated with normal operating system functions and user interactions. Topics covered will be those found most commonly in digital forensic examinations. Prerequisites This course is designed for a beginning Digital Forensic or ediscovery practitioner with a basic understanding of Microsoft Windows operating system functionality. To gain the maximum benefit from this course you should meet or exceed the following requirements: Read and understand the English language Attendance of a basic digital forensic training is preferred, but not required Be familiar with the Microsoft Windows environment and data recovery concepts Course Outline The course will follow adult learning principles through training aids such as presentations, diagrams and practical instructor lead examples. Each topic covered will be presented in either one or two 50 minute sessions followed by review questions. Students will be given the opportunity throughout the course to ask questions and discus objectives covered in more detail. Ample time will be allotted for hands on exercises to reinforce the topics covered. The course will be structured as follows: Introduction and Digital Forensic & ediscovery Overview Introductions by the course instructor and students Identify the typical components of a digital forensic examination Identify the typical components of an ediscovery examination Drive Interfaces Identify the main drive interfaces likely to be found Explanation of the purpose of drive jumpers

Explanation of use hard drive adaptors BIOS and CMOS Explanation of the system BIOS Explanation of the system CMOS Identify items of forensic interest in the CMOS Discuss methods to circumvent/disable passwords associated with the CMOS Computer Data Explanation of how data is stored on various media Discuss the components of the ASCII/ANSI chart and define Unicode Explanation of the binary, decimal and hexadecimal numbering schemes Identify various locations of interest where data will be found in the various formats Physical and Logical Characteristics Explanation of physical components of media Define the term sector and LBA Explanation of logical structures of media Operating and File Systems Explanation of an Operating System Identify the most commonly utilized Operating Systems Explanation of a File System Identify the most commonly utilized File Systems MBR Partitioning Explanation of the Master Boot Record and its function Explanation of the Master Partition table and its function Primary and Extended partition structuring Identification of deleted and hidden partitions GUID Partitioning Explanation of Protected MBR Explanation of the GUID Partition structure

FAT File System Describe the components of the FAT File System Explanation of the format command and the results of its use Identify the System and Data area on a formatted logical volume Explanation of the changes to a piece of media when a file is created using the FAT file system Explanation of the changes to a piece of media when a file is deleted using the FAT file system NTFS File System Describe the components of the NTFS File System Describe the basic functions of the $Metadata files Describe the MFT entry attributes for files and folders Explanation of the changes to a piece of media when a file is created using the NTFS file system Explanation of the changes to a piece of media when a file is deleted using the NTFS file system Forensic Triage and Duplication Discuss the use of forensic tools to conduct a forensic triage Explanation of the key factors used to triage digital media Explanation of the different digital forensic duplication options Explanation of MD5/SHA1/SHA256 hashing as it relates to forensic duplication Discuss forensic duplication issues most commonly seen Examine digital media and forensic image files to conduct a forensic triage Create duplicate images of various media types Convert forensic duplicate formats Combine a split forensic image into one image file EnCase 7 Overview Identification of the configuration Files Creation of the required storage locations Explanation of the method to create a case Highlighting to panes and windows within the application Explanation of the Bookmarking feature Recovery Module Usage of the Case Processor feature to recover deleted partitions

Explanation of the Recover Folders function Signature and Hash Analysis Explanation of the Signature Analysis feature Explanation of the Hash Analysis feature Importing of NSRL and Hashkeeper databases Creating and editing custom hash sets Data carve subject media for various file types Searching Creating local and global keywords Conducting a keyword search and analysis Advanced and GREP searching techniques Recycle Bin functionality across Windows Systems Examination of Windows XP Recycle Bin functionality and the structure of the Recycler folder Examination of Windows Vista / Windows 7 Recycle Bin implementation and the $R \ $I file pairs Link Files Explanation of Windows shortcuts Identify data of interest contained in a link file Running the Link File Parser feature of Case Processor Windows Registry Explanation of the function of the Windows Registry Identify the Windows system files that comprise the Registry Identify key structures and locations within Registry hives Identification of key investigative artifacts within the Registry Email Describe the usage of container files by email applications Describe the usage of individual message files by email applications Discuss the potential for deleted email file recovery Explanation of a basic email header

Internet Artifacts Describe the basic artifacts left behind by Internet Browsers Discuss form data and password recovery from Internet Browser artifacts Describe the basic artifacts left behind by Instant Messenger applications Discuss chat log and password recovery from Instant Messenger artifacts

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information