DF210 – Building an Investigation With EnCase
This hands-on course is designed for investigators with strong computer skills, prior computer forensics training, and experience using the OpenText™ EnCase™ software (EnCase). This course builds upon the skills covered in the DF120–Foundations in Digital Forensics course and enhances the examiner’s ability to work efficiently using the unique features of EnCase™. During this course, students will build an investigation using analysis techniques, such as recovering deleted volumes, registry analysis, Recycle Bin examination, and examining compound files. Other analysis techniques, such as searching unallocated clusters, parsing current Windows artifacts, examining email and Internet artifacts, and analysing USB device artifacts will be included.
Students must understand EnCase™ Forensic concepts, the structure of the evidence file, creating and using case files, and data acquisition and basic analysis methods. It is also important that the students are familiar with the methods for recovering deleted files and folders in a FAT environment, conducting indexed queries and keyword searches across logical and physical media, creating, and using EnCase™ bookmarks, file signature analysis, and exporting evidence.