DF210 - Building an Investigation with EnCase OnDemand

Duration: 32 Hours

This OnDemand course is designed for investigators with solid computer skills, prior computer forensics training, and experience using OpenText™ EnCase™ Forensic (EnCase). This course builds upon the skills covered in the DF120 – Foundations of Digital Forensics course and enhances the examiner's ability to work efficiently through the use of the unique features of EnCase. This course will build an investigation using analysis techniques, such as recovering volumes, registry analysis, and examining compound files. The course progresses through the analysis of Windows artifacts, shortcut link files, Recycle Bin, stored internet data, and email. This course will assist criminal, corporate, and cybersecurity analysts.

Students must understand EnCase forensic concepts, the structure of the evidence file, creating and using case files, and data acquisition and basic analysis methods. It is also important that the students are familiar with the methods for recovering deleted files and folders in a FAT environment, conducting indexed queries and keyword searches across logical and physical media, creating and using EnCase bookmarks, file signature analysis, and exporting evidence.

CPE Credits - 0

Focusing on commonly conducted investigations, students will learn about the following:

• How to recover encrypted information particularly that which was encrypted using Windows BitLocker™
• How to locate and recover deleted partitions
• Students will learn how to deal with compound file types
• Students will learn about the Windows® Registry
• How to determine time zone offsets and properly adjust case settings
• How to create and use conditions for effective searching
• Students will learn how to use the OpenText™ EnCase™ Evidence Processor
• Students will gain an overview of the FAT, ExFAT, and NT file system
• How to conduct keyword searches and advanced searches using GREP
• The differences between single and logical evidence files and how to create and use of logical evidence files
• How to identify Windows operating system artifacts, such as link files, Recycle Bin, and user folders
• How to recover data from the Recycle Bin
• How to recover artifacts, such as swap files, file slack, and spooler files
• How to conduct a search for email and email attachments
• Students will learn how to examine email and Internet artifacts
• How to identify and recover data relating to the use of removable USB devices

SYSTEM REQUIREMENTS

• A desktop/laptop computer.
  • Microsoft® Windows operating system is recommended.
• Internet access
• Latest Adobe® Reader software http://www.adobe.com
• Some courses offer the ability to conduct optional practical exercises on a remote workstation. Chrome and Firefox are recommended.

***Security Edition Subscription holders may only be registered in two (2) Training OnDemand courses concurrently

You are registering for an online class. EnCase Training OnDemand courses can be accessed online 24/7.

Contact:encasetraining@opentext.com

1-626-463-7966

TERMS & CONDITIONS

• Access to the course materials for our EnCase Training OnDemand classes will be granted once payment is received.
• The Training OnDemand courses are valid one year from the date of purchase.
• Once a course is accessed, the student will have 60 days to complete the course
• Each Training OnDemand course can only be taken once.
• Students can only be enrolled in two Training OnDemand classes concurrently.
• PHYSICAL MANUALS ARE NOT AVAILABLE FOR TRAINING ONDEMAND COURSES.
• A timed eBook will be assigned for each course and can be viewed for one year. Printing and copying of eBooks are prohibited by the DMR application.

The professional services and/or learning services (if applicable) set out in this quotation will be provided pursuant to the OpenText Professional Services Program Handbook applicable to the services being purchased (available at www.opentext.com/agreements ) For your reference, the direct link to the Handbook is here: https://www.opentext.com/file_source/OpenText/en_US/PDF/opentext-encase-program-handbook-en.pdf

Audience

This course is intended for cybersecurity professionals, litigation support, and forensic investigators.

Prerequisites

Basic computer skills. Advance preparation for this course is not required.