EncartaLabs

OpenText EnCase Digital Forensics - Essentials

( Duration: 4 Days )

The OpenText EnCase Digital Forensics training course provides you with an understanding of how EnCase may be used to examine data related to an incident response, an employee misconduct investigation, and/or a law enforcement criminal and/or civil investigation. You will create cases using EnCase, configure the application to maximize its utilization, and learn evidence acquisition concepts and how to validate the data collected. Instruction progresses to the analysis of the data whether related to criminal investigations, cybersecurity incidents, or other matters. The course will cover techniques, such as keyword or indexed searching along with hash analysis. You will learn how to bookmark, export, and create reports relating to examination findings. The course concludes with instruction on archiving, validating the data, and restoring the case.

By attending the OpenText EnCase Digital Forensics workshop, delegates will learn:

  • The EnCase digital forensic methodology
  • How to navigate the EnCase interface
  • How to extract data and files from your evidence
  • How to bookmark evidence files, file sets, and data structures
  • How to conduct raw and index searches
  • How to analyze file signatures and view files
  • How to conduct hash and entropy analyses and import hash sets
  • How to import and export data to and from Project VIC
  • How to install external file viewers to EnCase
  • How to prepare reports, using templates provided with EnCase
  • How to create a report template
  • How to restore evidence
  • How to archive files and data created through the analysis process
  • The proper techniques for handling and preserving evidence

  • Knowledge of basic computer forensics will be helpful

The OpenText EnCase Digital Forensics class is ideal for:

  • Digital Forensic Investigators, including Law Enforcement, Government, Military, Corporate, IT Security & Litigation Support Professionals.

COURSE AGENDA

Day 1

  • Creating a case file in EnCase
  • Navigating within the EnCase environment
  • Understanding concepts of digital evidence and disk/volume allocation:
    • Types of evidence
    • Terminology describing data storage, including unallocated space, unused disk area, volume slack, file slack, RAM slack and disk slack
  • Documenting EnCase concepts including:
    • Evidence files
    • Case files and backups
    • Configuration files
    • Object icons within EnCase
  • Acquiring media in a forensically sound manner

Day 2

  • Previewing a running computer (even one using full disk encryption) using multiple techniques, including the Direct Network Preview function
  • Running EnCase utilities to capture RAM
  • Processing evidence:
    • Running processes, including file signature analysis, protected file analysis, hash and entropy analysis, email and internet artifact analysis, and word/phrase indexing
    • Executing modules, including file carver, Windows artifacts parser and system info parser
  • Bookmarking and tagging data for inclusion in the final report
  • Creating and conducting raw keyword searches and index search queries to locate search expressions of interest

Day 3

  • Creating and conducting index search queries and raw keyword searches
  • Incorporating the use of installed external viewers used by examiners into EnCase
  • Copying files, folders and data from EnCase to the local file system using different methodologies within EnCase, including mounting devices, volumes and folders as a network share within the local file system for analysis by other tools
  • Incorporating external files within EnCase and creating a logical evidence file of selected objects within the case
  • Performing signature analysis to determine the true identities of file objects and to ascertain if files were renamed to hide their true identities
  • Conducting hash analysis using unique values calculated based on file logical content to identify and/or exclude files
  • Importing and exporting data to/from Project VIC

Day 4

  • Running entropy analysis to locate files that may be near matches to other files or that may be password protected, obfuscated or encrypted
  • Locating and recovering evidence, including images, documents and videos in unallocated space manually and by using EnScript programs
  • Creating a report of files and data bookmarked during the examination:
    • Exporting reports
    • Modifying basic reporting formats
    • Creating templates for future case utilization
  • Reacquiring evidence to change evidence file settings
  • Restoring evidence to run proprietary software or as required by a court order
  • Archiving and reopening an archived case
  • Completing a comprehensive final practical exercise

Encarta Labs Advantage

  • One-stop corporate training solution provider for over 6,000 courses on a variety of subjects
  • All courses are delivered by Industry Veterans
  • Get jumpstarted from newbie to production-ready in a matter of a few days
  • Trained more than 50,000 Corporate executives across the Globe
  • All our trainings are conducted in workshop mode with more focus on hands-on sessions

View our other course offerings by visiting https://www.encartalabs.com/course-catalogue-all.php

Contact us for delivering this course as a public/open-house workshop/online training for a group of 10+ candidates.
