DF120 – Foundations in Digital Forensics with EnCase Forensic

Date:TBA

Price: AUD$ 4950 per person

Location: Online Learning

More Info

**Formerly EnCase v7 Computer Forensics I.

This hands-on course involves practical exercises and real-life simulations in the use of EnCase® software (EnCase). The class provides participants with an understanding of how EnCase may be used to examine data related to an incident response, an employee misconduct investigation, and/or a law enforcement criminal and/or civil investigation. Participants create cases using EnCase, configure the application to maximize its utilization, and learn evidence acquisition concepts and how to validate the data collected. Instruction progresses to the analysis of the data whether related to criminal investigations, cybersecurity incidents, or other matters. The course will cover techniques, such as keyword or indexed searching along with hash analysis. Participants will learn how to bookmark, export, and create reports relating to examination findings. The course concludes with instruction on archiving, validating the data, and restoring the case.

Delivery method: Group-Live. NASBA defined level: basic.

Students attending this course will learn the following:

  • The EnCase digital forensic methodology
  • How to navigate the EnCase interface
  • How to extract data and files from your evidence
  • How to bookmark evidence files, file sets, and data structures
  • How to conduct raw and index searches
  • How to analyze file signatures and view files
  • How to conduct hash and entropy analyses and import hash sets
  • How to import and export data to and from Project VIC
  • How to install external file viewers to EnCase
  • How to prepare reports, using templates provided with EnCase
  • How to create a report template
  • How to restore evidence
  • How to archive files and data created through the analysis process
  • The proper techniques for handling and preserving evidence
/* Omit closing PHP tag at the end of PHP files to avoid "headers already sent" issues. */