DFIR130 - EnCase Endpoint Investigator Training

Duration: 2 Days

This hands-on course involves practical exercises and real-life simulations in the use of OpenText™ EnCase™ Endpoint Investigator. The class provides participants with instruction on configuring EnCase Endpoint Investigator and how to use it to conduct previews, acquisitions, and searches. The course concludes with instruction on using bookmarking functionality to build a comprehensive case report.

Delivery method: Classroom. NASBA defined level: basic.

CPE Credits - 16

Audience

This course is intended to provide new or prospective users of the EnCase Endpoint Investigator software with a good working knowledge of the product in the shortest time. The focus is very much on practical configuration, navigation, and usability in a network environment. It is relevant to anyone who is likely to use the software for the preview, acquisition, and analysis of remote data. Participants may have minimal computer skills and be new to the field of computer forensics

Prerequisites

Basic computer skills. Advance preparation for this course is not required.

Summary

Students attending this course will learn the following:

• How to configure the Secure Authentication of EnCase (SAFE) server software.
• How to deploy the agent, which enables the examination of network nodes remotely.
• How to preview and acquire remote data, both at a physical (sector-by-sector) level and logically.
• How to preview and acquire physical memory (RAM) and capture a snapshot of volatile data, including open ports and running processes.
• How to navigate, filter, sort, and search data shown in the EnCase Endpoint Investigator interface.
• How to use the Evidence Processor to identify Internet artifacts.
• How to bookmark notable data and build a comprehensive case report.

 Course Syllabus