DF320 - Advanced Analysis of Windows Artifacts with EnCase
Duration: 4 Days
**Formerly EnCase Advanced Computer Forensics
This hands-on course is designed for examiners with solid computer skills, seeking to learn advanced concepts in analyzing Windows artifacts. The participants will be provided instruction that includes parsing and analysis techniques on registry data, volume shadow service, random access memory, zip file structures, prefetch, and SQLite content.
Delivery method: Group-Live. NASBA defined level: advanced.
CPE Credits - 32
This course provides in-depth coverage on topics, including:
- Understanding SQLite databases and querying their data
- Recovering deleted SQLite data
- The use of block-based file hash analysis for file recovery
- Examination of the Microsoft Windows Registry
- Analyzing Userassist and ShellBag registry data
- The purpose and function of prefetch files and how to analyze them
- Analyzing Windows system databases
- Understanding and examination of the Windows timeline
- Understanding and examining of the System Resource Usage Monitor Database
- Identifying Windows notifications and how they can be customized
- Understanding how the system resource usage monitor is implemented
- Examination and recovery of Windows event logs
- Examination of Volume Shadow Copy (VSC) and File History data
- Identification and recovery of encrypted data
- Understanding how BitLocker is implemented and the options for recovery and searching
- Examination RAM using MemProcFS
- Low-level data recovery from Zip files and the latest version of Microsoft Word documents
- Hardware and software RAID technology, acquisition, and examination
Audience
This course is intended for law enforcement officers, corporate and private investigators, computer forensic examiners, and network security personnel. A basic understanding of the concepts of computer forensics is required. The class curriculum builds upon the curriculum included in the DF210-Building an Investigation course, continuing with a focus on file and operating system examinations.
Prerequisites
DF210 - Building an Investigation with EnCase or EnCE Certification.
Pricing
| Format | Currency | Price |
|---|---|---|
| Per Student at OpenText Site | € | 2,800.00 |
| Per Student at OpenText Site | GBP | 2,200.00 |
| Per Student at OpenText Site | USD | 3,200.00 |
Taxes: All prices exclude VAT or other taxes where applicable (all currencies).
Extra expenses: Customer site course prices do not include instructor travel expenses, which are billed separately.
Reservations: Please provide a minimum of 3 weeks advance notice when arranging courses at customer sites.
Course and workshop calendar
Below is a listing of all the currently available dates and locations for this course or workshop from OpenText.
| Start Date | End Date | Start Time | TimeZone | Session Duration | Language | Location | Price | Currency | Guaranteed To Run | Add |
|---|---|---|---|---|---|---|---|---|---|---|
| May 16, 2023 | May 19, 2023 | 08:00 | (UTC+01:00) Europe/London (BST) | Full Day | English | GSI-Reading, UK | 2,200.00 | GBP | Add to cart | |
| May 16, 2023 | May 19, 2023 | 08:00 | (UTC+01:00) Europe/London (BST) | Full Day | English | Virtual Classroom - Europe GSI UK Time | 2,200.00 | GBP | Add to cart | |
| Jun 13, 2023 | Jun 16, 2023 | 08:00 | (UTC-07:00) America/Los_Angeles (PDT) | Full Day | English | GSI-Pasadena, CA | 3,200.00 | USD | Add to cart | |
| Jun 13, 2023 | Jun 16, 2023 | 08:00 | (UTC-08:00) America/Los_Angeles (PST) | Full Day | English | Virtual Classroom - North America GSI Pacific Time | 3,200.00 | USD | Add to cart |