IR250 – Incident Investigation

This hands-on course focuses on the use of EnCase Endpoint Investigator (EnCase) and other tools to acquire and analyze data in a manner that demonstrates the relevance of various file system, network, and memory-based artifacts in the context of an investigative scenario. Students will examine the different factors that affect incident investigations, including planning, basic forensic principles, and examination and response options. They will observe how failing to take note of important issues and implement suitable policies can lead to weaknesses in IT infrastructure and the loss of evidential data. Conversely students will learn to appreciate the benefits of forward planning, employee education, audit and event logging, and suitable access-control policies. This course is very much focused on the recovery of data for the purposes of an investigation and the context in which said data may prove valuable. Students will participate in practical exercises throughout the course to underscore and drive home the skills taught.

Delivery method: Group-Live.
NASBA defined level: Basic
CPE Credits – 32