DFIR350 - Internet-based Investigation with EnCase OnDemand
Duration: 32 Hours
**Formerly EnCase Advanced Internet Examinations
This OnDemand course involves practical exercises and challenging real-life case investigations pertaining to Internet-based investigations. Artifacts from popular peer-to-peer and file sharing programs, such as BitTorrent, Ares, and Gigatribe will be retrieved and examined. Emails and the Internet are the cornerstones of consumer and business use. Virtually all examinations ranging from corporate to criminal to cybersecurity investigations will involve the interrogation of email and Internet data. Artifacts from the most widely utilized Internet browsers, including Internet Explorer/Edge, Firefox, and Chrome will be analyzed.
CPE Credits - 0
This course is intended for law enforcement officers, computer forensic examiners, corporate and private investigators, and network security personnel. A basic understanding of the concepts of computer forensics is required. The class curriculum builds upon the foundation of the DF210-Building an Investigation course, continuing with a focus on file and operating system examinations.
Basic computer skills. Advance preparation for this course is not required.
The course provides in-depth coverage on artifacts involving:
- Students will learn the history, operation, and artifacts associated with peer-to-peer file-sharing applications, such as BitTorrent™ and the Ares Galaxy P2P network
- Students will learn about how the GigaTribe peer-to-peer software allows its users to chat and share files individually and within groups
- Students will learn the operation of the Microsoft® Internet Explorer Web browser with regards to typed URLs, password and form-data storage, cookies, Internet history, and cache content
- Students will learn how Web pages are constructed and will use this information together with their new-found knowledge of cached Internet Explorer Web content to correctly rebuild Web pages
- Students will learn about the history, operation, and artifacts associated with Mozilla Firefox® and Google Chrome®
- Students will learn about the operation of Web search engines
- Students will learn the fundamental principles of email operation, how email is sent and received; also how email message data (including attachment data) is encoded and how deleted data may be recovered in certain circumstances
- Students will learn about the Microsoft® Outlook PST structure
- 1. A desktop/laptop computer.
- Microsoft® Windows operating system is recommended.
- 2. Internet access
- 3. Latest Adobe® Flash Player software http://www.adobe.com
- 4. Latest Adobe Reader software http://www.adobe.com
- 5. Some courses offer the ability to conduct optional practical exercises on a remote workstation. Internet Explorer and Firefox are recommended.
***Passport students may only be registered in two (2) OnDemand courses concurrently
You are registering for an online class. EnCase OnDemand Courses can be accessed online 24/7.
TERMS & CONDITIONS
Training materials for this course, including the DFIR350 - Internet-based Investigation with EnCase® OnDemand student manual, will be sent electronically. MANUALS ARE AVAILABLE ONLY ELECTRONICALLY. PHYSICAL COPIES OF MANUALS ARE NOT AVAILABLE WITH TRAINING OnDEMAND COURSES.