DF320 - Advanced Analysis of Windows Artifacts with EnCase


Duration: 4 Days

Formerly EnCase Advanced Computer Forensics

This hands-on course is designed for examiners with solid computer skills who want to learn advanced concepts in analyzing Windows artifacts. Participants receive instruction in parsing and analysis techniques for registry data, volume shadow service, random access memory, zip file structures, prefetch, and SQLite content.

Delivery method: Group-Live. NASBA defined level: advanced.

CPE Credits - 32

This course provides in-depth coverage on topics, including:

  • Understanding SQLite databases and querying their data
  • Recovering deleted SQLite data
  • The use of block-based file hash analysis for file recovery
  • Examination of the Microsoft Windows Registry
  • Analyzing UserAssist and ShellBag registry data
  • The purpose and function of prefetch files and how to analyze them
  • Analyzing Windows system databases
  • Understanding and examination of the Windows timeline
  • Understanding and examining the System Resource Usage Monitor database
  • Identifying Windows notifications and how they can be customized
  • Understanding how the system resource usage monitor is implemented
  • Examination and recovery of Windows event logs
  • Examination of Volume Shadow Copy (VSC) and File History data
  • Identification and recovery of encrypted data
  • Understanding how BitLocker is implemented and the options for recovery and searching
  • Examination of RAM using MemProcFS
  • Low-level data recovery from Zip files and the latest version of Microsoft Word documents
  • Hardware and software RAID technology, acquisition, and examination

Course Syllabus

Audience

This course is intended for law enforcement officers, corporate and private investigators, computer forensic examiners, and network security personnel. A basic understanding of the concepts of computer forensics is required. The class curriculum builds upon the curriculum included in the DF210-Building an Investigation course, continuing with a focus on file and operating system examinations.

Prerequisites

DF210 - Building an Investigation with EnCase or EnCE Certification.

Pricing

| Format | Currency | Price |
|---|---|---|
| Per Student | EUR | 3,000.00 |
| Per Student | GBP | 2,400.00 |
| Per Student | USD | 3,200.00 |

Taxes: All prices exclude VAT or other taxes where applicable (all currencies).

Extra expenses: Customer site course prices do not include instructor travel expenses, which are billed separately.

Reservations: Please provide a minimum of 3 weeks advance notice when arranging courses at customer sites.

Course and workshop calendar

Below is a listing of all the currently available dates and locations for this course or workshop from OpenText.

| Start Date | End Date | Start Time | TimeZone | Session Duration | Language | Location | Price | Currency | Guaranteed To Run |
|---|---|---|---|---|---|---|---|---|---|
| Jan 28, 2025 | Jan 31, 2025 | 08:00 | (UTC+00:00) Europe/London (GMT) | Full Day | English | Virtual Classroom - Europe GSI UK Time | 2,400.00 | GBP | |
| Jan 28, 2025 | Jan 31, 2025 | 08:00 | (UTC+00:00) Europe/London (GMT) | Full Day | English | GSI-Reading, UK | 2,400.00 | GBP | |
| Feb 04, 2025 | Feb 07, 2025 | 08:00 | (UTC-05:00) America/New_York (EST) | Full Day | English | Virtual Classroom - North America GSI Eastern Time | 3,200.00 | USD | |
| Mar 25, 2025 | Mar 28, 2025 | 08:00 | (UTC-07:00) America/Los_Angeles (PDT) | Full Day | English | Virtual Classroom - North America GSI Pacific Time | 3,200.00 | USD | |
| Mar 25, 2025 | Mar 28, 2025 | 08:00 | (UTC-07:00) America/Los_Angeles (PDT) | Full Day | English | GSI-Pasadena, CA | 3,200.00 | USD | |
| Apr 01, 2025 | Apr 04, 2025 | 08:00 | (UTC+02:00) Europe/Paris (CEST) | Full Day | English | Munich_Grasbrunn - OpenText | 3,000.00 | EUR | |
| May 13, 2025 | May 16, 2025 | 08:00 | (UTC+01:00) Europe/London (BST) | Full Day | English | Virtual Classroom - Europe GSI UK Time | 2,400.00 | GBP | |
| May 13, 2025 | May 16, 2025 | 08:00 | (UTC+01:00) Europe/London (BST) | Full Day | English | GSI-Reading, UK | 2,400.00 | GBP | |
| Jun 24, 2025 | Jun 27, 2025 | 08:00 | (UTC-04:00) America/New_York (EDT) | Full Day | English | Virtual Classroom - North America GSI Eastern Time | 3,200.00 | USD | |
| Jun 24, 2025 | Jun 27, 2025 | 08:00 | (UTC-04:00) America/New_York (EDT) | Full Day | English | GSI-Gaithersburg, MD | 3,200.00 | USD | |