This course builds upon the skills covered in the DF120 - Foundation of Digital Forensics course and enhances the examiner's ability to work efficiently through the use of the unique features of EnCase™.
This course will build an investigation using analysis techniques, such as recovering volumes, registry analysis and examining compound files. The course progresses through the analysis of Windows artifacts, shortcut link files, Recycle bin, stored internet data and email. This course will assist criminal, corporate and cyber-security analysts.
Students must understand EnCase™ Forensic concepts, the structure of the evidence file, creating and using case files, data acquisition and basic analysis methods.
It is also important that the students are familiar with the methods for recovering deleted files and folders in a FAT environment, conducting indexed queries and keyword searches across logical and physical media, creating and using EnCase™ bookmarks, file signatures analysis and exporting evidence.