EnCase v6 Computer Forensics Philippines
Saved (0) | History (40)
Categories |

EnCase v6 Computer Forensics

1731 views | 0 post
Expire On: January 5, 2010 05:20PM

Advertisement Details

EnCase v6 Computer Forensics
Advertisement ID :
807541
Category : Computers and Software
Location : Mandaluyong City, Metro Manila
Ads Classification : Establishment
Address : unit 107 g/f, beacon plaza. cor.ideal st, shaw blvd mandaluyong city
Date Updated : November 6, 2009 (posted October 21, 2008)
Short URL : http://sulit.com.ph/807541

[ Save Ads | Get Embed Code | Bookmark | Twitter | Tell a Friend | Report ]

Description

"Global Knowledge IT Provider"
EnCase® v6 Computer Forensics
Inclusive of Training Materials,

 Certificate and AM/PM Snack and Lunch)
Venue:unit 107 g/f, beacon plaza. cor.ideal st, shaw blvd mandaluyong city
CPE credits: 32 | Level: Introductory | Prerequisites: Basic computer skills. Advance preparation for this course is not required.
This hands-on course involves practical exercises and real-life simulations. The class provides participants with an understanding of the proper handling of digital evidence from the initial seizure of the computer/media to acquisition, and then progresses to the analysis of the data. It concludes with archiving and validating the data. Delivery method: Group-Live.

Students attending this course will learn the following:
What constitutes digital evidence and how computers work
An overview of the EnCase Computer Forensic Methodology
Basic structures of the FAT and NTFS file systems
How to create a case and how to preview/acquire media
How to conduct basic keyword searches
How to analyze file signatures and view files
How to restore evidence
How to archive files and data created through the analysis process
How to prepare evidence for presentation in court
How to verify the evidence file
WHO SHOULD ATTEND
This course is intended for IT security professionals, litigation support and forensic investigators Participants may have minimal computer skills and may be new to the field of computer forensics.
DAY 1 OUTLINE
DAY 2 OUTLINE
ØEnCase Concepts
·Case File
·Evidence File
·Case File Backup
·Configuration Files
ØWhat constitutes Digital Evidence
·Computers as an instrumentality of the crime
·Computers as a repository of evidence
·Examples of mediums of storing digital evidence
ØHow Computer Works
·Power Sequence
oBIOS
oPOST
oEtc.
·Bits/Bytes/Hex/Binary
ØEncase Navigation
ØDiskette Preview / Acquisition
·Create Case
·Options
Day one provides an understanding of the proper handling of digital evidence from seizure to acquisition. Students receive a basic overview of how computers function, as well as the constitutes digital evidence
ØNTFS/FAT File Systems
·How these file systems track data
·What happens when a file is created
·What happens when a file is deleted
ØCreating a Boot Disk
·Why a forensically sound boot disk is needed
·Components of a forensically sound boot disk
ØHard Drive Preview and Acquisitions
·Physical disk versus logical drive
·Fastbloc
·DOS based via disk to disk
·DOS based via crossover cable
ØCreation of Keywords and Searching
·Global versus Case Specific
·Selecting Keywords
·Selecting where/what to search
·Viewing results
ØBookmarking/Preserving Findings
·Highlighting sections of data
·Pointing to file(s)
Day two begins with a discussion of the FAT file systems as well as an overview of the NT file system. Hard disk acquisition is covered, using both a forensically sound boot diskette, as well as a hardware write blocking device. Attendees will learn how to properly preview a computer system prior to acquisition, as well as explore keyword searching and bookmarking of relevant data.
DAY 3
DAY 4
ØFile Types
·Icons/Description column
ØBookmarking Techniques
·Pointing to file(s)
·Comments
·Organizing Report
ØSignature Analysis
·Search Button
·All or Selected
·Compares Extension to Header
·Interpreting results
ØInstalling External Viewers
·Link Application to EnCase
·Can link file extensions to Application
ØCopy/Unerase Options
ØRestoring Evidence
ØReacquiring an Evidence File
·Don't need original hardware to change options
·Quick Reacquisition
Day three includes more complex bookmarking of data, and examination of file signatures to accurately identify file types. Attendees will install external viewers within EnCase and learn how to copy data from within an evidence file. Students learn how to
restore an evidence file back to physical media and reacquire an evidence file with different options.
ØArchiving/Reopening an Archived Case
·What to archive
·Specify path to EnCase of Evidence file to reopen case
ØVerification of Evidence File
·Change 1 bit; EnCase detects change
·Manually re-verify at any time
ØTimeline
·Define four Date/Time stamps
ØWindows Artifacts
·User Accounts
·Recently Accessed Files
·Internet Cache
·Desktop/My Documents
ØSearching Unallocated Space
·Use file header for image
·Display image
Day four explores how to archive a completed case, as well as how
to reopen this case if needed in the future. Attendees will observe
how EnCase can detect and identify any changes to the content
of an evidence file, as well as take a detailed look at the Timeline
view within EnCase. Pertinent areas of interest within the Windows
operating system and user accounts are explored as well as locating
data in unallocated space.
EnCase® v6 Computer Forensics II on dec 14-17 2009
Fee: $1,200.00 12%VAT(Inclusive of Training Materials, Certificate and AM/PM Snack and Lunch)
Venue:unit 107 g/f, beacon plaza. cor.ideal st, shaw blvd mandaluyong city
CPE credits: 32 | Level: Intermediate | Prerequisites: EnCase® Computer Forensics I. Advance preparation for this course is not required.
This hands-on course is designed for investigators with strong computer skills, prior computer forensics training, and experience using the EnCase forensic software. This course builds upon the skills covered in the EnCase Computer Forensics I course and enhances the examiner's ability to work efficiently through the use of the unique features of EnCase.
*Students must understand evidence handling; the structure of the evidence file; creating and using case files; data acquisition methods including DOS based, hardware write protected, crossover cable and disk to disk; recovering deleted files and folders in a FAT environment; keyword searches across logical and physical media; creating and using EnCase bookmarks; file signatures and signature analysis; and locating and understanding Windows® artifacts. Delivery method: Group-Live.

Focusing on investigations common to the private sector, students will learn about the following:
How to create and use of logical evidence files
How to locate and recover deleted partitions and folders
How to conduct keyword searches and advanced searches using GREP
Students will gain an understanding of the EnCase Virtual File System (VFS) and Physical Disk Emulator (PDE)
Students will learn about the Windows® Registry
Students will learn how to deal with compound file types
How to export files, directories and entire volumes
How to identify files using hash values and building hash libraries
How to identify Windows XP operating system artifacts such as link files, recycle bin, and user folders
How to prepare reports and evidence for presentation in court
How to recover artifacts such as swap files, file slack, and spooler files
How to recover printed and faxed pages
WHO SHOULD ATTEND
This course is intended for IT security professionals, litigation support and forensic investigators. Participants should have attended the EnCase Computer Forensics I.
DAY 1
DAY 2
ØHow the EnCase Evidence File is Stored and Verified
ØEncase Forensic Edition Overview
·Data flow
·Navigating EnCase
ØLogical Evidence Files
·What are they?
·Why would I use them?
·How to create them
ØSingle Evidence Files
·What are they?
·Why would I use them?
·How to create them
ØSoftware Write Protection
·Fast Bloc SE
ØIntroduction to NTFS
·Understanding the Windows® New Technology File System
ØHandling Formatted or Repartitioned Media
ØPartition recovery
·Folder Recovery
Day one provides an understanding of EnCase concepts. Students will learn how an evidence file is acquired, verified, added to a case, and stored. They will learn how to create and use logical evidence files and single evidence files. Students will receive hands-on imaging training using FastBloc SE.
ØHash Analysis
·Using file hashes to improve accuracy and efficiency
ØCompound files
·An overview of compound files
·Mounting compound files
·Searching compound file types
Ø- Windows Registry
·Appropriate keywords
·How EnCase searches the evidence file
ØVFS / PDE
·Using Virtual File System
·Using Physical Disk Emulator
ØUsing GREP to focus searches. GREP allows the examiner to create concise keywords using control characters, reducing false positives and increasing efficiency.
Day two introduces the students to the process of analyzing the evidence. The hashing of files both as a means of identification and as a tool to speed up the searching process is covered.
Students also take a first look into the Windows Registry and learn how, why and when to use VFS and PDE. We continue to build on the students' skill sets, moving from general keyword
searches and file type analysis to advanced keyword searches using GREP.
DAY 3
DAY 4
ØQuickly locating file system artifacts unique to the NTFS file system
ØDe-constructing link files to reveal artifacts that indicate the who, what, when and where of file manipulation.
ØE-mail recovery and examinations including Microsoft Outlook, Outlook Express and
Øweb based e-mail.
ØRecovering and analyzing e-mail attachments
ØInternet history concepts and analysis using Internet Explorer
ØUnderstanding and recovering documents that have been printed
ØRecycle Bin analysis to reveal important information about deleted files
Day three moves to specific analysis of common artifacts that cannot normally be locatedthrough keyword searches. This analysis can often provide vital information to investigations by
revealing data that can provide a clear indication of a user's activities. We look at how EnCase handles common e-mail files and Internet history.
ØHandling and acquiring Flash Memory and artifacts
ØReporting
·How and what to report after the investigation is completed
·Using bookmarks we created to prepare a written report within the EnCase interface
·Exporting the report in an HTML or other format
On day four students learn how to utilize all of the techniques from the previous days to create a
readable, coherent report using EnCase.
GLOBALKNOWLEDGE PHILIPPINES, INC.
unit 107 g/f, beacon plaza. cor.ideal st, shaw blvd mandaluyong city
                   Tel No. 721-4380/393-8400






Tags: extrem ccna program, building scalable cisco internetworks, bgp border gateway protocol, cisco wireless lan advance topic, cisco ace family,

Automatic Keywords: encase forensic version 6 download, encase 6 rapidshare, download encase forensic, encase forensic rapidshare, download encase v6, encase v6 download, encase 6 download, virtual forensic computing rapidshare, encase gsm gateway, encase v6 rapidshare

Posted By

Posted by : stanleyvillaflor
Member Since : October 20, 2008
Last Login : November 14, 2009 08:10PM
Feedback : no feedback yet

Contact Details

Address : , Metro Manila - Mandaluyong City
Contact Nos. : 721-4380, 09286761481
Look For : stanley


Advertisement Discussion

Leave a message for the advertisement owner here (for members only). [ RSS Discussion RSS Feeds ]

No Public Message Yet

Disclaimer: Sulit.com.ph does not control the content posted by members and therefore assumes no responsibility and disclaims any liability for any consequence relating directly or indirectly to any action or inaction you take based on the content, information, services or other materials found in this system [ more details ]

[ Back to top ]
Go To: Advertisement Details | Description | Posted By | Contact Details | Advertisement Discussion
Home > All Categories > Establishments / Business Locator > Computers and Software

  • FM Converter/Rechannel for Japan Ver. Stereo | Accessories / Parts for Cars / SUVs / Trucks / Vans | For Sale | P 500.00
  • LEGO 10193 Castle - Medieval Market Village (2009) (limited time offer!) | Toys and Playthings | For Sale | P 8,800.00
  • Canon Powershot S3 IS | Camcorders / Cameras | For Sale | P 14,000.00
  • HONDA XRM | Motorcycles / Scooters | For Sale or For Swap | P 40,000.00
  • LEGO 7097 Castle - Trolls' Mountain Fortress (2009) (limited time offer!) | Toys and Playthings | For Sale | P 8,320.00
  • (Work at home) earn money writing articles | Internet / Online Programs | Offered | P 100.00
  • MASSAGE SERVICES | Health Care | Offered
  • Orig Nokia 6300 Red | Cellphone / Cellular / Mobile Phone / Smartphone | For Sale | P 3,000.00
  • Money Concerns | Talks / Workshops / Seminars | Free
  • LEGO 7079 Castle - Drawbridge Defense (2009) (limited time offer!) | Toys and Playthings | For Sale | P 3,200.00
  • Mountain Bike GTS M5 Best Buy | Camping and Biking | For Sale | P 10,000.00
  • Mario D' Boro (Size 8.5 Brand New) | Shoes and Footwear | For Sale | P 500.00
  • Starbucks Planner 2010 For Sale | Souvenirs and Giveaways | For Sale | P 1,000.00
  • credit card ba? dito na sa siguradong aprubado ka! | Loans | Offered
  • Goji Beeren Kaufen Goji Beere - Klicken hier! | Vitamins / Supplements | For Sale
  • megaworld projects | Apartment / Condominium | For Sale | P 8,500,000.00 | 1 post | 68 views
  • SLIMINA Slimming Pills: Safe Way to Lose Weight Fast. See TESTIMONIALS & PROMOTIONS | Weight Loss | For Sale | P 990.00 | 4 posts | 3921 views
  • Storekeeper/Warehouseman Jobs Abroad For Filipinos | International | Available Jobs | 1 post | 114 views
  • 1994 lancer el 115t very rare condition | Cars / Sedan | For Sale | P 115,000.00 | 2 posts | 155 views
  • LESS 50%OFF CRUMPLER BAG | Luggages / Bags | For Sale | P 1,880.00 | 5 posts | 541 views
  • 4months Puppy Shitzu male Pogi/cute dog | Dogs | For Sale | P 8,000.00 | 6 posts | 225 views
  • laptop neo (yellow) repriced, open for swap | Notebooks / Laptops | For Sale or Swap | P 20,399.00 | 50 posts | 1720 views
  • Crumpler Bags For Sale - Original and Brand New | Luggages / Bags | For Sale | P 3,000.00 | 3 posts | 152 views
  • Modular Cabinets | Architecture | Offered | 2 posts | 658 views
  • 50k outright discount- makati condo-For as low as 9 thousand a month for studio and 15k... | Apartment / Condominium | For Sale | 1 post | 1422 views
  • AGM M4 RIS GBB (See pics inside) | Airsoft (AEG) | For Sale or Swap | P 6,500.00 | 3 posts | 289 views
  • 11 storey Building in Makati City (FOR SALE) | Commercial / Industrial | For Sale | P 700,000,000.00 | 1 post | 172 views
  • █►LOSE WEIGHT NOW W/ HERBALIFE!!!◄█ | Weight Loss | For Sale | P 1,391.00 | 165 posts | 70711 views
  • Vintage 1960's Zildjian Hihat cymbals 14" | Percussion Instruments | For Sale | P 35,000.00 | 2 posts | 97 views
  • FS: Nikon 18-55 nonVR and Nikon 55-200VR (rush) | Camcorders / Cameras | For Sale | P 12,500.00 | 6 posts | 339 views
  • House&Lot in Dasma Cavite FOR SALE(Ready for Occupancy) - Dasmarinas | House | For Sale | 0 post | 51778 views
  • █►BRAND NEW Midi DVD Videoke with 46,900 songs | VCD / DVD / Blu-ray Players | For Sale | P 2,500.00 | 12 posts | 3958 views
  • SALUTA Glutathione Injection with FREE Vitamin C Injectable and more - VISIT OUR SHOPS | Skin Care | For Sale | P 3,500.00 | 1 post | 2527 views
  • Sobrang Ganda at Murang Murang Bahay sa ANTIPOLO..!! Thru Pag-IBIG.. P9616/month lang!!... | House | For Sale | P 1,312,000.00 | 0 post | 5259 views
  • █►LOSE WEIGHT NOW W/ HERBALIFE!!!◄█ | Weight Loss | For Sale | P 1,391.00 | 165 posts | 70711 views
  • For Sale CONDOMINIUM | Apartment / Condominium | For Sale | P 2,500.00 | 0 post | 975 views
  • ANTI-PIMPLE KIT / ANTI-AGING wholesale @ P278 | Skin Care | For Sale | P 480.00 | 4 posts | 858 views
  • i need 600m z-y-n-g-a facebook poker chips for 10k | Coins / Currency | Wanted to Buy | 0 post | 12 views
  • FOUNTAIN BREEZE FURNISHED Condominium FOR RENT | Apartment / Condominium | For Rent / Lease | P 11,500.00 | 0 post | 2552 views
  • FUEL SAVER | Accessories / Parts for Cars / SUVs / Trucks / Vans | For Sale | P 100.00 | 15 posts | 4784 views
  • █►LOSE WEIGHT W/ HERBALIFE! FREE DELIVERY NATIONWIDE!!!◄█ | Weight Loss | For Sale | 23 posts | 21398 views
  • food cart franchise | Franchising | Offered | P 21,888.00 | 6 posts | 4951 views
  • studio type,CONDO- KASSEL RESIDENCES- near SM fairview and ROBINSON | Apartment / Condominium | For Sale | 0 post | 9657 views
  • BAND REHEARSAL STUDIO 140 PER HOUR (PEARL SESSION SERIES) w/ 11 cymbals | Arts / Entertainment | Offered | 0 post | 64 views
  • Customized Payroll System | Software | For Sale | 0 post | 2721 views

Download Sulit.com.ph Toolbar

Sulit.com.ph Toolbar

Help Us Spread the Word About Sulit.com.ph

If you have a website or blog, you can help us spread the word about our great community here. More people discovering our community means more people viewing your ads and more possible clients. You can use the HTML code below to display the Sulit.com.ph Banner.
Buy and Sell Philippines : Sulit.com.ph

Who is Online Online Users

11116 users online: 383 members [ view all ] and 10733 guests

[ Back to top ]
Register Now
Post a Free Ad
Premium Ads
Featured Item/Member
Shout Ads
Shout Your Ads
kuneknek
CRAVING for PASTRIES and CAKES? PM me [view]
1 hour, 55 minutes ago
golbi
Be the Upline of the PIONEERS!!! Your DLC business at P400 [view]
2 hours, 47 minutes ago
elabiz06
Php865T may H&L ka na sa Bulacan. Malapit na ito sa QC & Manila. Sulit ka dito. [view]
3 hours, 1 minute ago
erikeleria
Small Capital Food Cart Franchise Business for only P29,900! [view]
3 hours, 42 minutes ago
Sabras
Free call center Readiness seminar every Friday [view]
4 hours, 14 minutes ago
T1Ajai
KUMITA NG $125 within 24 HRS. unbelievable but its true.... [view]
4 hours, 18 minutes ago
bussinessnifloren
"NO QUALIFICATION" We Need 10 PEOPLE who want to earn P10K-20K/MONTH 3hrs Read.. [view]
4 hours, 41 minutes ago
erikeleria
Small Capital Food Cart Franchise Business for only P29,900! [view]
4 hours, 48 minutes ago
miclan22
gusto mo ba kumita ng unlimited extra income tulad ko? click me. [view]
4 hours, 50 minutes ago
franzperfume
PERFUME BUSINESS @ P1,500.00 CAPITAL & BE YOUR OWN BOSS!!! [view]
4 hours, 53 minutes ago
rholly1975
Neswepamar Condominium for sale in Batangas City - negotiable price [view]
6 hours, 19 minutes ago
corsm25
Earn $125 in 24 hours. This is true! SIGN UP FOR FREE [view]
6 hours, 29 minutes ago
elabiz06
Php779T may CONDO ka na sa QC. Malapit pa ito sa SM at TRINOMA. Sulit ka dito. [view]
7 hours, 16 minutes ago
brokerods
█►RENT TO OWN YOUR CONDOMINIUM HOME AND TOWNHOUSE IN METRO MANILA◄█ [view]
7 hours, 24 minutes ago
emobevs
webhosting 900pesos a year FREE DOMAIN NAME www.pinoywebpro.com 09195153220 [view]
7 hours, 47 minutes ago
imdaghost
FS ipod touch 32gb!itouch!.., [view]
8 hours, 13 minutes ago
imdaghost
FS ipod touch 32gb!itouch!.., [view]
8 hours, 13 minutes ago
lustivachristine
Earn money While your Surfing..Here's How.. [view]
9 hours, 14 minutes ago
dynamicIndividuals
Low-cost townhouse Imus Cavite-Ready for occupancy,flood-free! [view]
9 hours, 32 minutes ago
deal
Be a Pioneer!Nectura-Philippines sa January na! [view]
10 hours, 3 minutes ago
News / Announcements
More News / Announcements
Sulit Statistics
Total Members: 534572
Registered Last 24 Hours: 698

Total Ads Posted: 1794786
Posted Last 24 Hours: 2178

Total Ads Messages: 1925696
Posted Last 24 Hours: 2567

Total Private Messages: 3424921
Sent Last 24 Hours: 5053

Total Forum Posts: 2868221
Posted Last 24 Hours: 6235

Updated every 5 minutes
Follow Sulit.com.ph on Twitter
Sulit.com.ph
Proudly Pinoy
EnCase v6 Computer Forensics extrem ccna program, building scalable cisco internetworks, bgp border gateway protocol, cisco wireless lan advance topic, cisco ace family, - Computers and Software Mandaluyong City Metro Manila encase forensic version 6 download, encase 6 rapidshare, download encase forensic, encase forensic rapidshare, download encase v6, encase v6 download, encase 6 download, virtual forensic computing rapidshare, encase gsm gateway, encase v6 rapidshare Philippines