DF320 - Advanced Analysis of Windows Artifacts with EnCase OnDemand

Have questions about training?   Contact us

Duration: 32 hours

**Formerly EnCase Advanced Computer Forensics

This OnDemand course is designed for examiners with solid computer skills, seeking to learn advanced concepts in analyzing Windows artifacts. The participants will be provided instruction that includes parsing and analysis techniques on registry data, volume shadow service, random access memory, zip file structures, prefetch, and SQLite content.

CPE Credits - 0

Audience

This course is intended for law enforcement officers, computer forensic examiners, corporate and private investigators, and network security personnel. A basic understanding of the concepts of computer forensics is required. The class curriculum builds upon the foundation of the DF320-Building an Investigation course, continuing with a focus on file and operating system examinations.

Prerequisites

Basic computer skills. Advance preparation for this course is not required.

Summary

This course provides in-depth coverage on topics, including:

  • Examination of the Microsoft Windows Registry
  • The use of block-based file hash analysis for file recovery
  • Examination of Volume Shadow Copy (VSC) data maintained by the Windows Volume Shadow Service (VSS)
  • Examination and recovery of Windows event logs
  • Hardware and software RAID technology, acquisition, and examination
  • Understanding SQLite databases and querying their data
  • Recovering deleted SQLite data
  • The purpose and function of prefetch files and how to analyze them
  • Principles of encrypted data recovery
  • Various techniques on the examination RAM
  • Low-level data recovery from Zip files and the latest version of Microsoft Word documents

SYSTEM REQUIREMENTS

  • 1. A desktop/laptop computer.
    • Microsoft® Windows operating system is recommended.
  • 2. Internet access
  • 3. Latest Adobe® Flash Player software http://www.adobe.com
  • 4. Latest Adobe Reader software http://www.adobe.com
  • 5. Some courses offer the ability to conduct optional practical exercises on a remote workstation. Internet Explorer and Firefox are recommended.

***Passport students may only be registered in two (2) OnDemand courses concurrently

You are registering for an online class. EnCase OnDemand Courses can be accessed online 24/7.

Contact:encasetraining@opentext.com

1-626-463-7966

TERMS & CONDITIONS

Training materials for this course, including the DF320 – Advanced Analysis of Windows Artifacts with EnCase OnDemand student manual, will be sent electronically. MANUALS ARE AVAILABLE ONLY ELECTRONICALLY. PHYSICAL COPIES OF MANUALS ARE NOT AVAILABLE WITH TRAINING OnDEMAND COURSES.

Pricing

Format Currency Price
Per Student Online €  1,912.02 
Per Student Online GBP  1,620.79 
Per Student Online USD  2,195.00 

Taxes: All prices exclude VAT or other taxes where applicable (all currencies).

Extra expenses: Customer site course prices do not include instructor travel expenses, which are billed separately.

Reservations: Please provide a minimum of 3 weeks advance notice when arranging courses at customer sites.

Course & Workshop Calendar

Below is a listing of all the currently available dates and locations for this course or workshop from OpenText.

To register, please select the course you want to attend by clicking the "Add to cart" button.

Date Course type Course name Language Location Price Add
  Web-based  DF320 - Advanced Analysis  English  Web-based 2,195.00  Add to cart