| Advertisement ID | : | 1094336 |
| Category | : | Computers and Software |
| Location | : | Pasig City, Metro Manila |
| Ads Classification | : | Establishment |
| Address | : | philippines stock exchange exchange rd. pasig city |
| Date Updated | : | 2 hours, 16 minutes ago (posted January 26, 2009) |
| Short URL | : | http://sulit.com.ph/1094336 |
| DAY 1 OUTLINE | DAY 2 OUTLINE |
| ØEnCase Concepts ·Case File ·Evidence File ·Case File Backup ·Configuration Files ØWhat constitutes Digital Evidence ·Computers as an instrumentality of the crime ·Computers as a repository of evidence ·Examples of mediums of storing digital evidence ØHow Computer Works ·Power Sequence oBIOS oPOST oEtc. ·Bits/Bytes/Hex/Binary ØEncase Navigation ØDiskette Preview / Acquisition ·Create Case ·Options Day one provides an understanding of the proper handling of digital evidence from seizure to acquisition. Students receive a basic overview of how computers function, as well as the constitutes digital evidence | ØNTFS/FAT File Systems ·How these file systems track data ·What happens when a file is created ·What happens when a file is deleted ØCreating a Boot Disk ·Why a forensically sound boot disk is needed ·Components of a forensically sound boot disk ØHard Drive Preview and Acquisitions ·Physical disk versus logical drive ·Fastbloc ·DOS based via disk to disk ·DOS based via crossover cable ØCreation of Keywords and Searching ·Global versus Case Specific ·Selecting Keywords ·Selecting where/what to search ·Viewing results ØBookmarking/Preserving Findings ·Highlighting sections of data ·Pointing to file(s) Day two begins with a discussion of the FAT file systems as well as an overview of the NT file system. Hard disk acquisition is covered, using both a forensically sound boot diskette, as well as a hardware write blocking device. Attendees will learn how to properly preview a computer system prior to acquisition, as well as explore keyword searching and bookmarking of relevant data. |
| DAY 3 | DAY 4 |
| ØFile Types ·Icons/Description column ØBookmarking Techniques ·Pointing to file(s) ·Comments ·Organizing Report ØSignature Analysis ·Search Button ·All or Selected ·Compares Extension to Header ·Interpreting results ØInstalling External Viewers ·Link Application to EnCase ·Can link file extensions to Application ØCopy/Unerase Options ØRestoring Evidence ØReacquiring an Evidence File ·Don't need original hardware to change options ·Quick Reacquisition Day three includes more complex bookmarking of data, and examination of file signatures to accurately identify file types. Attendees will install external viewers within EnCase and learn how to copy data from within an evidence file. Students learn how to restore an evidence file back to physical media and reacquire an evidence file with different options. | ØArchiving/Reopening an Archived Case ·What to archive ·Specify path to EnCase of Evidence file to reopen case ØVerification of Evidence File ·Change 1 bit; EnCase detects change ·Manually re-verify at any time ØTimeline ·Define four Date/Time stamps ØWindows Artifacts ·User Accounts ·Recently Accessed Files ·Internet Cache ·Desktop/My Documents ØSearching Unallocated Space ·Use file header for image ·Display image Day four explores how to archive a completed case, as well as how to reopen this case if needed in the future. Attendees will observe how EnCase can detect and identify any changes to the content of an evidence file, as well as take a detailed look at the Timeline view within EnCase. Pertinent areas of interest within the Windows operating system and user accounts are explored as well as locating data in unallocated space. |
| DAY 1 | DAY 2 |
| ØHow the EnCase Evidence File is Stored and Verified ØEncase Forensic Edition Overview ·Data flow ·Navigating EnCase ØLogical Evidence Files ·What are they? ·Why would I use them? ·How to create them ØSingle Evidence Files ·What are they? ·Why would I use them? ·How to create them ØSoftware Write Protection ·Fast Bloc SE ØIntroduction to NTFS ·Understanding the Windows® New Technology File System ØHandling Formatted or Repartitioned Media ØPartition recovery ·Folder Recovery Day one provides an understanding of EnCase concepts. Students will learn how an evidence file is acquired, verified, added to a case, and stored. They will learn how to create and use logical evidence files and single evidence files. Students will receive hands-on imaging training using FastBloc SE. | ØHash Analysis ·Using file hashes to improve accuracy and efficiency ØCompound files ·An overview of compound files ·Mounting compound files ·Searching compound file types Ø- Windows Registry ·Appropriate keywords ·How EnCase searches the evidence file ØVFS / PDE ·Using Virtual File System ·Using Physical Disk Emulator ØUsing GREP to focus searches. GREP allows the examiner to create concise keywords using control characters, reducing false positives and increasing efficiency. Day two introduces the students to the process of analyzing the evidence. The hashing of files both as a means of identification and as a tool to speed up the searching process is covered. Students also take a first look into the Windows Registry and learn how, why and when to use VFS and PDE. We continue to build on the students' skill sets, moving from general keyword searches and file type analysis to advanced keyword searches using GREP. |
| DAY 3 | DAY 4 |
| ØQuickly locating file system artifacts unique to the NTFS file system ØDe-constructing link files to reveal artifacts that indicate the who, what, when and where of file manipulation. ØE-mail recovery and examinations including Microsoft Outlook, Outlook Express and Øweb based e-mail. ØRecovering and analyzing e-mail attachments ØInternet history concepts and analysis using Internet Explorer ØUnderstanding and recovering documents that have been printed ØRecycle Bin analysis to reveal important information about deleted files Day three moves to specific analysis of common artifacts that cannot normally be locatedthrough keyword searches. This analysis can often provide vital information to investigations by revealing data that can provide a clear indication of a user's activities. We look at how EnCase handles common e-mail files and Internet history. | ØHandling and acquiring Flash Memory and artifacts ØReporting ·How and what to report after the investigation is completed ·Using bookmarks we created to prepare a written report within the EnCase interface ·Exporting the report in an HTML or other format On day four students learn how to utilize all of the techniques from the previous days to create a readable, coherent report using EnCase. |
| Posted by | : | rezej24 |
| Member Since | : | October 2, 2008 |
| Last Login | : | November 7, 2009 09:42AM |
| Feedback | : | 2  100.00% [ 2 -  | 0 -  ] [ Details ] |
| Address | : | holy spirit , Metro Manila - Mandaluyong City |
| Contact Nos. | : | (632) 721-4380 / 382-4903, 09282365557 |
| Look For | : | jezer villaflor |
Discussion RSS Feeds ] 
Secured Login Option (https)
