Course Description

**Formerly EnCase Advanced Computer Forensics

This Training OnDemand course is designed for examiners with solid computer skills, seeking to learn advanced concepts in analyzing Windows artifacts. The participants will be provided instruction that includes parsing and analysis techniques on registry data, volume shadow service, random access memory, zip file structures, prefetch, and SQLite content.

CPE Credits - 0

This course provides in-depth coverage on topics, including:

• Examination of the Microsoft Windows Registry
• The use of block-based file hash analysis for file recovery
• Examination of Volume Shadow Copy (VSC) data maintained by the Windows Volume Shadow Service (VSS)
• Examination and recovery of Windows event logs
• Hardware and software RAID technology, acquisition, and examination
• Understanding SQLite databases and querying their data
• Recovering deleted SQLite data
• The purpose and function of prefetch files and how to analyze them
• Principles of encrypted data recovery
• Various techniques on the examination RAM
• Low-level data recovery from Zip files and the latest version of Microsoft Word documents

SYSTEM REQUIREMENTS

• A desktop/laptop computer.
  • Microsoft® Windows operating system is recommended.
• Internet access
• Latest Adobe® Reader software http://www.adobe.com
• Some courses offer the ability to conduct optional practical exercises on a remote workstation. Chrome and Firefox are recommended.

***OpenText Learning Subscription, Special Edition holders may only be registered in two (2) OnDemand courses concurrently

You are registering for an online class. EnCase Training OnDemand courses can be accessed online 24/7.

Contact:encasetraining@opentext.com

1-626-463-7966

TERMS & CONDITIONS

• Access to the course materials for our EnCase Training OnDemand classes will be granted once payment is received.
• The Training OnDemand courses are valid one year from the date of purchase.
• Once a course is accessed, the student will have 60 days to complete the course
• Each Training OnDemand course can only be taken once.
• Students can only be enrolled in two Training OnDemand classes concurrently.
• PHYSICAL MANUALS ARE NOT AVAILABLE FOR TRAINING ONDEMAND COURSES.
• A timed eBook will be assigned for each course and can be viewed for one year. Printing and copying of eBooks are prohibited by the DMR application.

The professional services and/or learning services (if applicable) set out in this quotation will be provided pursuant to the OpenText Professional Services Program Handbook applicable to the services being purchased (available at www.opentext.com/agreements ) For your reference, the direct link to the Handbook is here: https://www.opentext.com/file_source/OpenText/en_US/PDF/opentext-encase-program-handbook-en.pdf

Prerequisites

Basic computer skills. Advance preparation for this course is not required.