DF210 – Building an Investigation with EnCase Forensic Training

**Formerly EnCase v7 Computer Forensics II

This hands-on course is designed for investigators with solid computer skills, prior computer forensics training, and experience using EnCase Forensic (EnCase). This course builds upon the skills covered in the DF120 – Foundations of Digital Forensics course and enhances the examiner’s ability to work efficiently through the use of the unique features of EnCase. This course will build an investigation using analysis techniques, such as recovering volumes, registry analysis, and examining compound files. The course progresses through the analysis of Windows artifacts, shortcut link files, Recycle Bin, stored internet data, and email. This course will assist criminal, corporate, and cybersecurity analysts.
Students must understand EnCase forensic concepts, the structure of the evidence file, creating and using case files, and data acquisition and basic analysis methods. It is also important that the students are familiar with the methods for recovering deleted files and folders in a FAT environment, conducting indexed queries and keyword searches across logical and physical media, creating and using EnCase bookmarks, file signature analysis, and exporting evidence.

Delivery method: Group-Live.
NASBA defined level: Intermediate.
CPE Credits – 32