
IR250 - Incident Investigation

Duration: 4 Days

This hands-on course focuses on the use of EnCase® Endpoint Investigator (EnCase) and other tools to acquire and analyze data in a manner that demonstrates the relevance of various file system, network, and memory-based artifacts in the context of an investigative scenario. Students will examine the different factors that affect incident investigations, including planning, basic forensic principles, and examination and response options. They will observe how failing to take note of important issues and implement suitable policies can lead to weaknesses in IT infrastructure and the loss of evidential data. Conversely, students will learn to appreciate the benefits of forward planning, employee education, audit and event logging, and suitable access-control policies. The course focuses on the recovery of data for the purposes of an investigation and the context in which that data may prove valuable. Students will participate in practical exercises throughout the course to reinforce the skills taught.

Delivery method: Group-Live. NASBA defined level: basic

CPE Credits - 32

Audience

This entry-level course is intended for digital forensic investigators, including IT specialists, security analysts, DFIR practitioners, and traditional digital investigators. Participants should have Foundations level EnCase skills.

Prerequisites

Participants should have attended the EnCase course DF120 – Foundations of Digital Forensics or EnCase v7 Computer Forensics I (offered prior to June 2016).

Summary:

Students attending this course will learn the following:

  • Incident investigation/response considerations
  • How to capture disk and memory data using EnCase Endpoint Investigator and other tools
  • The significance of Windows Registry and file-system metadata, paying particular attention to the NT file system (NTFS) and timestamp analysis
  • How to identify and recover data encrypted using the Microsoft® Encrypting File System (EFS) and BitLocker®; also how properly applied group policies can help to recover said data and the potential significance of NTFS alternate data streams
  • The benefits of USN change log and ShellBag analysis and how they may complement one another
  • The significance and analysis of shortcut link files and jumplists
  • Windows event log and $LogFile analysis
  • Microsoft Windows® Recycle Bin mechanics and analysis
  • Examination of volume shadow copies
  • Memory analysis using Volatility; also the recovery of passwords, encryption keys, and other data from memory dumps
  • Determining the nature, identity, and provenance of files and folders using hash, signature, and USN change log analysis
  • Identification and recovery of artifacts from Internet Explorer, Edge, Firefox, and Chrome

Please note that this course touches on subjects covered by other EnCase Training courses, so attendees of those courses may experience a small overlap.

Pricing

Format                         Currency  Price
Per Student at Open Text Site  €         2,587.95
Per Student at Open Text Site  GBP       2,268.45
Per Student at Open Text Site  USD       3,195.00

Taxes: All prices exclude VAT or other taxes where applicable (all currencies).

Extra expenses: Customer site course prices do not include instructor travel expenses, which are billed separately.

Reservations: Please provide a minimum of 3 weeks advance notice when arranging courses at customer sites.

Course & Workshop Calendar

Below is a listing of all the currently available dates and locations for this course and/or workshop from Open Text.

Date          Course Type  Course Name                Language  Location                                            Price
Nov 06, 2018  On-site      IR250 - Incident Investig  English   GSI-Washington, DC                                  3,195.00
Mar 05, 2019  On-site      IR250 - Incident Investig  English   GSI-Washington, DC                                  3,195.00
Mar 05, 2019  On-site      IR250 - Incident Investig  English   Virtual Classroom - North America GSI Eastern Time  3,195.00
Apr 16, 2019  On-site      IR250 - Incident Investig  English   GSI-Reading                                         2,268.45
Apr 16, 2019  On-site      IR250 - Incident Investig  English   Virtual Classroom - Europe GSI UK Time              2,268.45
Apr 23, 2019  On-site      IR250 - Incident Investig  English   GSI-Pasadena                                        3,195.00
Apr 23, 2019  On-site      IR250 - Incident Investig  English   Virtual Classroom - North America GSI Pacific Time  3,195.00