DF210 - Building an Investigation with EnCase
Duration: 4 Days
**Formerly Computer Forensics II
This hands-on course is designed for investigators with strong computer skills, prior computer forensics training, and experience using the OpenText™ EnCase™ software (EnCase). This course builds upon the skills covered in the DF120–Foundations in Digital Forensics course and enhances the examiner's ability to work efficiently using the unique features of EnCase. During this course, students will build an investigation using analysis techniques, such as recovering deleted volumes, registry analysis, Recycle Bin examination, and examining compound files. Other analysis techniques, such as searching unallocated clusters, parsing current Windows artifacts, examining email and Internet artifacts, and analyzing USB device artifacts will be included.
Students must understand EnCase Forensic concepts, the structure of the evidence file, creating and using case files, and data acquisition and basic analysis methods. It is also important that the students are familiar with the methods for recovering deleted files and folders in a FAT environment, conducting indexed queries and keyword searches across logical and physical media, creating, and using EnCase bookmarks, file signature analysis, and exporting evidence.
Delivery method: Group-Live. NASBA defined level: intermediate.
CPE Credits - 32
Focusing on commonly conducted investigations, students will learn the following:
- How to identify and open a volume that was encrypted using Windows BitLocker™
- How to locate and recover deleted partitions
- How to deal with compound file types
- How to determine time zone offsets and properly adjust for the time zone in EnCase
- About the Windows® Registry
- How to create and use conditions for effective searching
- About the ExFAT and NT file system through an overview of the systems
- How to identify Window system artifacts, such as the User folders, pagefile.sys, Recycle Bin, and other folders
- How to locate and examine shortcut files
- How to identify and recover data relating to the use of removable USB devices
- How to recover data from the Recycle Bin
- How to conduct a search for email and email attachments
- How to examine email and Internet artifacts
- How to employ the EnCase Media Analyzer during an investigation
- How to employ GREP operators to enhance searching techniques
- How to recover artifacts from the print spooler
- How to search and recover files from unallocated space
- How to use the EnCase Physical Disk Emulator (PDE) Module
- How to create reports to present investigation findings
Audience
This course is intended for cybersecurity professionals, litigation support, and forensic investigators.
Prerequisites
DF120 – Foundations in Digital Forensics with EnCase
Participants should have attended the EnCase course, DF120–Foundations in Digital Forensics.
Pricing
Format | Currency | Price |
---|---|---|
Per Student | € | 3,000.00 |
Per Student | GBP | 2,400.00 |
Per Student | USD | 3,200.00 |
Taxes: All prices exclude VAT or other taxes where applicable (all currencies).
Extra expenses: Customer site course prices do not include instructor travel expenses, which are billed separately.
Reservations: Please provide a minimum of 3 weeks advance notice when arranging courses at customer sites.
Course and workshop calendar
Below is a listing of all the currently available dates and locations for this course or workshop from OpenText.
Start Date | End Date | Start Time | TimeZone | Session Duration | Language | Location | Price | Currency | Guaranteed To Run | Add |
---|---|---|---|---|---|---|---|---|---|---|
Jan 14, 2025 | Jan 17, 2025 | 08:00 | (UTC+00:00) Europe/London (GMT) | Full Day | English | GSI-Reading, UK | 2,400.00 | GBP | ✔ | Add to cart |
Jan 14, 2025 | Jan 17, 2025 | 08:00 | (UTC-05:00) America/New_York (EST) | Full Day | English | Virtual Classroom - North America GSI Eastern Time | 3,200.00 | USD | ✔ | Add to cart |
Jan 14, 2025 | Jan 17, 2025 | 08:00 | (UTC+00:00) Europe/London (GMT) | Full Day | English | Virtual Classroom - Europe GSI UK Time | 2,400.00 | GBP | ✔ | Add to cart |
Feb 04, 2025 | Feb 07, 2025 | 08:00 | (UTC-08:00) America/Los_Angeles (PST) | Full Day | English | Virtual Classroom - North America GSI Pacific Time | 3,200.00 | USD | Add to cart | |
Feb 04, 2025 | Feb 07, 2025 | 08:00 | (UTC-08:00) America/Los_Angeles (PST) | Full Day | English | GSI-Pasadena, CA | 3,200.00 | USD | Add to cart | |
Mar 18, 2025 | Mar 21, 2025 | 08:00 | (UTC+01:00) Europe/Paris (CET) | Full Day | English | Munich_Grasbrunn - OpenText | 3,000.00 | EUR | Add to cart | |
Apr 08, 2025 | Apr 11, 2025 | 08:00 | (UTC+01:00) Europe/London (BST) | Full Day | English | Virtual Classroom - Europe GSI UK Time | 2,400.00 | GBP | Add to cart | |
Apr 08, 2025 | Apr 11, 2025 | 08:00 | (UTC+01:00) Europe/London (BST) | Full Day | English | GSI-Reading, UK | 2,400.00 | GBP | Add to cart | |
May 06, 2025 | May 09, 2025 | 08:00 | (UTC-04:00) America/New_York (EDT) | Full Day | English | Virtual Classroom - North America GSI Eastern Time | 3,200.00 | USD | Add to cart | |
May 06, 2025 | May 09, 2025 | 08:00 | (UTC-04:00) America/New_York (EDT) | Full Day | English | GSI-Gaithersburg, MD | 3,200.00 | USD | Add to cart | |
Jun 10, 2025 | Jun 13, 2025 | 08:00 | (UTC-07:00) America/Los_Angeles (PDT) | Full Day | English | Virtual Classroom - North America GSI Pacific Time | 3,200.00 | USD | Add to cart | |
Jun 10, 2025 | Jun 13, 2025 | 08:00 | (UTC-07:00) America/Los_Angeles (PDT) | Full Day | English | GSI-Pasadena, CA | 3,200.00 | USD | Add to cart |