OpenText EnCase - Internet based Investigation

( Duration: 4 Days )

The OpenText EnCase - Internet based Investigation training course involves practical exercises and challenging real-life case investigations pertaining to Internet-based investigations. Artifacts from popular peer-to-peer and file-sharing programs, such as BitTorrent, Ares, and GigaTribe, will be retrieved and examined. Email and the Internet are the cornerstones of consumer and business use. Virtually all examinations, ranging from corporate to criminal to cybersecurity investigations, will involve the interrogation of email and Internet data. Artifacts from the most widely utilized Internet browsers, including Internet Explorer/Edge, Firefox, and Chrome, will be analyzed.

By attending OpenText EnCase - Internet based Investigation workshop, delegates will learn:

  • History, operation, and artifacts associated with peer-to-peer file-sharing applications, such as BitTorrent and the Ares Galaxy P2P network
  • How the GigaTribe peer-to-peer software allows its users to chat and share files individually and within groups
  • Operation of the Microsoft Internet Explorer Web browser with regard to typed URLs, password and form-data storage, cookies, Internet history, and cache content
  • How Web pages are constructed, and how to use this information together with knowledge of cached Internet Explorer Web content to correctly rebuild Web pages
  • History, operation, and artifacts associated with Mozilla Firefox and Google Chrome
  • Operation of Web search engines
  • Fundamental principles of email operation, how email is sent and received; also how email message data (including attachment data) is encoded and how deleted data may be recovered in certain circumstances
  • Microsoft Outlook PST structure

Prerequisites:

  • Attend a training on OpenText EnCase - Building an Investigation or equivalent practical experience

The OpenText EnCase - Internet based Investigation class is ideal for:

  • Law Enforcement Officers, Computer Forensic Examiners, Corporate & Private Investigators & Network Security Personnel.

COURSE AGENDA

Day 1

  • BitTorrent P2P networks
  • The history of P2P and BitTorrent
  • A practical demonstration of BitTorrent
  • BitTorrent protocol
  • Bencoded data
  • The content of metadata (torrent) files in uTorrent
  • Configuration files
  • Search activity

Day 2

  • The Ares Galaxy P2P network
    • Background
    • Installation
    • Initial Setup
    • Features and configuration shared by Ares and LimePro
    • Artifacts
  • GigaTribe introduction and use
    • Origination
    • Mode of operation
    • Membership options
    • Application version and installation
    • Adding contacts
    • Downloading content
    • Examining the download process and data
    • Passwords
    • Chatting
    • User blogs
  • Microsoft Internet Explorer and Edge
    • How computer security concerns have affected the operation of both web browser programs
    • Default browser settings and version identification
    • Registry data, including typed URLs, homepage settings and version identification
    • Cookie files
    • Download folder location, bookmarks and reading-list entries

Day 3

  • The nature, content and structure of WebCacheV01.dat Extensible Storage Engine (ESE) database files
  • Determining true visit count of internet history entries stored in WebCacheV01.dat files
  • Recovery of deleted WebCacheV01.dat records
  • Parsing internet data from IndexedDb.edb files, including those used by Cortana
  • Understanding the structure of HTML web pages
    • Role of the web server
    • Web server port numbers
    • Characteristics of a darknet
    • Content storage
    • Static vs. dynamic web pages
    • HTML, CSS and JavaScript
    • Using web browser development functionality to de-obfuscate web pages and hide undesirable content
  • Rebuilding web pages
    • Identifying and rebuilding the component files of a cached website that contains a picture of note
  • Understanding Mozilla Firefox
    • History
    • Impact on forensic examination
    • Structure
    • Examination techniques

Day 4

  • Google Chrome
    • History
    • Structure
    • Examination techniques
  • Identifying and processing artifacts associated with web search engines
  • Email fundamentals
    • Introduction to and history of the use of electronic mail, including the three main email protocols
    • Simple Mail Transfer Protocol (SMTP), Post Office Protocol 3 (POP3) and Internet Message Access Protocol (IMAP)
    • Basic modes of email operation
    • Identification of internet email servers using DNS MX records
    • Sending/receiving email manually and using OpenText EnScript programs in order to demonstrate email spoofing and the ability to send/receive email without email client software
    • Email encoding
    • Recovering deleted email attachments
  • Outlook PST files
    • Structure
    • Extraction to view outside of the OpenText EnCase environment
    • Overcoming password protection
    • Understanding and viewing PST data stored using compressible encryption
    • Ancillary files
    • Registry settings

Encarta Labs Advantage

  • One Stop Corporate Training Solution Providers for over 6,000 various courses on a variety of subjects
  • All courses are delivered by Industry Veterans
  • Get jumpstarted from newbie to production ready in a matter of a few days
  • Trained more than 50,000 Corporate executives across the Globe
  • All our trainings are conducted in workshop mode with more focus on hands-on sessions

View our other course offerings by visiting https://www.encartalabs.com/course-catalogue-all.php

Contact us for delivering this course as a public/open-house workshop/online training for a group of 10+ candidates.
