This hands-on course is designed for examiners with advanced computer skills and two or more years of experience working in the field of computer forensics. Participants learn to use some of the more advanced features of EnCase® Forensic version 7 (EnCase v7) while examining operating and file system artifacts from the Microsoft® Windows operating systems. The course demonstrates advanced methods of data recovery and identification and recovery of encrypted data.

This course provides in-depth coverage of topics including:
  • Advanced techniques for creating and using conditions
  • Examining smartphones with EnCase v7
  • The use of block-based file hash analysis for file recovery
  • Hardware and software RAID technology, acquisition and examination
  • Analysis and recovery of Microsoft Windows event log files
  • Examination of the Microsoft Windows Registry
  • Principles of encrypted data recovery
  • The purpose and function of prefetch files and how to analyze them
  • Various techniques for the examination of RAM
  • How to use the Volume Shadow Copy Service (VSS)
  • Recovering data from Zip files and the latest version of Microsoft® Word documents
  • Using Windows® Search to perform index searches
  • Using Windows operating system artifacts to identify the use of removable USB devices