You are here: Home 專業證書Certification trainings and short courses Cert. Courses Content EnCase Computer Forensic 2 (V7)

EnCase V7 Training

EnCase Computer Forensic 2 (V7)

Course Overview

The Forensics II course builds upon the skills covered in the EnCase Computer Forensics I course and enhances the examiner's ability to work efficiently through the use of the unique features of EnCase.  For this reason, we STRONGLY recommend our Computer Forensics I as a prerequisite.  Prospective students who have not taken Forensics I must understand evidence handling; the structure of the evidence file; creating and using case files; data acquisition methods including DOS based, hardware write protected, crossover cable and disk to disk; recovering deleted files and folders in a FAT environment; keyword searches across logical and physical media; creating and using EnCase bookmarks; file signatures and signature analysis; and locating and understanding Windows® artifacts.

Focusing on commonly conducted investigations, students will learn about the following:

  • How to locate and recover deleted partitions
  • How to deal with compound file types
  • Students will learn about the Windows® Registry
  • How to determine time zone offsets and properly adjust case settings
  • Students will gain an overview of the NT file system
  • Students will learn how to use the EnCase® Evidence Processor
  • How to recover deleted folders and conduct an index search
  • The differences between single and logical evidence files and how to create and use of logical evidence files
  • Students will gain an understanding of the EnCase® Virtual File System (VFS) Module and EnCase® Physical Disk Emulator (PDE) Module
  • How to conduct keyword searches and advanced searches using GREP
  • How to identify Windows 7 operating system artifacts, such as link files, Recycle Bin, and user folders
  • Students will learn how to examine email and Internet artifacts
  • How to create and use conditions for effective searching
  • How to conduct a search for email and email attachments
  • How to recover artifacts, such as swap files, file slack, and spooler files
  • How to recover data from the Recycle Bin
  • How to prepare reports and evidence for presentation in court

CPE Credit

32

Prequisite

EnCase® V7 Computer Forensics I.

Who Should Attend

This course is intended for IT security professionals, litigation support and forensic investigators. Participants should have attended the EnCase Computer Forensics I.

Schedule and Fees

Course Code: EnCE02-01
Course Name: EnCase® Computer Forensics II (V7)
Schedule Date: Date: Upon Request
Schedule Time: Upon Request
Sessions: 4 days

Venue: 3/F, 480 Nathan Road, Kowloon, Hong Kong

Application & Enrolment

Please contact Mr Cheng at:

Hong Kong Telephone: (852) 2206-9011
Macau Telephone: (853) 6636-9010
Mainland China Telephone: (86)1326 6941 519 This e-mail address is being protected from spambots. You need JavaScript enabled to view it.
Email: This e-mail address is being protected from spambots. You need JavaScript enabled to view it.

Joomla 1.6 Templates designed by Joomla Hosting Reviews