Digital Forensics Training

EnCase DFIR350 (formerly EnCase Advanced Internet Examinations)

The training enables the digital investigator to interpret evidence found on the computer of a suspect or victim using EnCase and, among others, goes into the operation of Bit-Torrent P2P networks, the operation of Trojan viruses and the operation of several types of email clients.

For whom is this training intended?
The practice-oriented training is meant for experienced computer users (digital investigators and IT security experts), who already have some experience with EnCase and is part of the ‘Expert series’ by OpenText (previously Guidance Software). In almost all computer investigation email and internet traffic will be found. This underlines the necessity to understand its relevance in a digital investigation.

What will you learn during the training?

  • Backgrounds of PTP and BitTorrent.
  • The operation of BitTorrent and the BitTorrent protocol.
  • The operation of the Gnutella P2P network.
  • The operation of the LimeWire and Bearshare programmes.
  • The background and operation of Trojan Viruses.
  • The use of VFS and PDE to identify and analyse Trojans.
  • How to detect and analyse Keyloggers.
  • The operation and use of Windows LIVE messenger.
  • The operation of Internet History and WebCache.
  • Goal, content and indexing of Internet cookie files.
  • Reconstruction of web pages.
  • Construction and analysis of Outlook PST files.
  • The use of Mozilla Firefox.
  • Lotus Notes analysis with EnCase.