This hands-on course is designed for examiners with advanced computer forensics skills and two or more years of experience working in the field of computer forensics. Participants learn advanced data recovery techniques of artifacts in many of the file systems supported by EnCase.

Emphasis is placed on file system artifacts and will address technical issues associated with various file systems. This course provides in-depth coverage on topics including:

  • Analysis of NT File System (NTFS) artifacts in Windows operating systems Advanced NTFS data recovery
  • Examination of the Microsoft Windows Registry
  • Analysis and recovery of Microsoft Windows event log files
  • Hardware and software RAID technology, acquisition and examination Principles of encrypted data recovery
  • Understanding and examining Windows BitLocker™ volumes
  • Linux and UNIX operating and file system artifacts
  • Linux partition recovery
  • Data acquisition using Linux
  • Understanding and examination of Macintosh disk and file system structure Forensic examination of Macintosh computers
  • Macintosh OS X® operating system artifacts
  • Reinforcement of the EnCase® computer forensic methodology
  • Introduction to EnScript programming
Download Course Syllabus