DF320 - Advanced Analysis of Windows Artifacts with EnCase
Duration: 4 Days
**Formerly EnCase Advanced Computer Forensics
This hands-on course is designed for examiners with solid computer skills, seeking to learn advanced concepts in analyzing Windows artifacts. The participants will be provided instruction that includes parsing and analysis techniques on registry data, volume shadow service, random access memory, zip file structures, prefetch, and SQLite content.
Delivery method: Group-Live. NASBA defined level: advanced.
CPE Credits - 32
This course is intended for law enforcement officers, computer forensic examiners, corporate and private investigators, and network security personnel. A basic understanding of the concepts of computer forensics is required. The class curriculum builds upon the foundation of the DF320-Building an Investigation course, continuing with a focus on file and operating system examinations.
DF210 - Building an Investigation with EnCase or EnCE Certification.
This course provides in-depth coverage on topics, including:
- Examination of the Microsoft Windows Registry
- The use of block-based file hash analysis for file recovery
- Examination of Volume Shadow Copy (VSC) data maintained by the Windows Volume Shadow Service (VSS)
- Examination and recovery of Windows event logs
- Hardware and software RAID technology, acquisition, and examination
- Understanding SQLite databases and querying their data
- Recovering deleted SQLite data
- The purpose and function of prefetch files and how to analyze them
- Principles of encrypted data recovery
- Various techniques on the examination RAM
- Low-level data recovery from Zip files and the latest version of Microsoft Word documents
|Date||Course type||Course name||Language||Location||Price||Add|
|Feb 05, 2019||On-site||DF320 - Advanced Analysis||English||GSI-Pasadena, CA||2,750.00||Add to cart|
|Mar 26, 2019||On-site||DF320 - Advanced Analysis||English||GSI-Reading, UK||1,952.50||Add to cart|
|May 21, 2019||On-site||DF320 - Advanced Analysis||English||GSI-Washington, DC||2,750.00||Add to cart|
|Jun 18, 2019||On-site||DF320 - Advanced Analysis||English||GSI-Pasadena, CA||2,750.00||Add to cart|
|Jun 18, 2019||On-site||DF320 - Advanced Analysis||English||Virtual Classroom - North America GSI Pacific Time||2,750.00||Add to cart|
|Jun 25, 2019||On-site||DF320 - Advanced Analysis||English||GSI-Reading, UK||1,952.50||Add to cart|
|Jun 25, 2019||On-site||DF320 - Advanced Analysis||English||Virtual Classroom - Europe GSI UK Time||1,952.50||Add to cart|