EnCase Forensics ON-LINE

Please note that this is not an asynchronous on-line track. Everyone is expected to log in every day all day according to the Winter Working Connections schedule. This is a synchronous track.


This track is now CLOSED, but you can be added to the "wait list" - if space opens up, you will be notified. Simply choose EnCase "Wait List" on the registration form.

Description

This track will immerse you in forensics using one of the industry’s top tools. Instructors will get an overview of the EnCase Academic program and how to implement it in their classroom. We will go over the foundations of forensics using EnCase and discuss basic concepts and terms. In the hands-on labs we will use EnCase to review the file systems and investigate Windows artifacts, including the following:
  • Registry Files
  • Link Files
  • Recycle Bin
  • Event logs

We will also talk about EnCase EnScripts, conditions, filters and the EnCase Processor, which help you find the information you are looking for fast. By the end of this course you will have the resources to complete your studies to take the EnCE Certification.

Prerequisites

You must have administrator rights to install the VPN software needed to connect to our lab environment. This requires a change to the registry. Your computer must run Windows 7 with 8 GB of RAM; a hardline network connection (not Wi-Fi) is preferred. You must be available one week prior to class to test the VPN connection.

Instructor

Kristy Livingston, Century College
Kristy worked as a digital forensic examiner for the Division of Criminal Investigation in Wisconsin and Pennington County Sheriff’s Office in Rapid City, South Dakota. Her primary focus was investigating Internet Crimes Against Children (ICAC). She has also worked for Mayo Clinic performing digital investigations for HR, Internal Audit and Legal. Kristy is currently an adjunct professor for Century College teaching Advanced Windows Forensic and EnCase Forensics.

Three Objectives

1. Learn how to implement EnCase into your Digital Forensic course curriculum.
2. Be able to perform investigations using best practices and EnCase as your forensic tool.
3. Prepare to take your EnCase Exam to become an EnCase Certified Examiner (EnCE).

Agenda

Monday
EnCase for Academics - Overview
EnCase Environment
MBR \ FAT
NTFS
Acquisition

Tuesday
EnCase Concepts
Searching - Keywords - Conditions - EnScripts
Searching Review
Signature Analysis - Hashing

Wednesday
Windows Artifacts - Link Files -
Windows Artifacts 2
Investigation Tips and Report Writing
EnCE Certification Study tips

WebEx Directions

Open this document to get instructions for accessing the daily WebEx log-in/dial-in directions. Please note that each day is considered a unique event with a different URL and access code.


