Contact

Trainingen

Forensic Explorer

Forensic Explorer is a digital forensic software tool designed for the preservation, analysis, and presentation of electronic evidence. Primary users of this software are law enforcement, government, military, and corporate investigation agencies. This three-day certified course has been developed to provide training to intermediate and advanced digital forensic investigators to best utilize Forensic Explorer (FEX). Upon course completion, participants will be awarded Forensic Explorer Examiner certification.

Day One

Installation and Case Management

  • Introduction - Forensic Explorer.
  • Key program features.
  • Forensic analysis station - system settings.
  • Configuration and settings.
  • Case management.
  • Dongle activation.
  • Applying maintenance updates to your Wibu dongle.

Forensic Acquisition

  • Write block.
  • GetData’s Forensic Imager.

Creating a Digital Case

  • Adding evidence.
  • Evidence Processor options.
  • Creating new case.
  • Adding and removing additional evidence to a case.

Forensic Explorer Interface

  • Module data views.
  • Customizing layouts.
  • Task Process List.
  • Process Logging and Priority.

Date and Time Verification

  • Date and time analysis computer forensics.
  • FAT, HFS, CDFS file system date and time.
  • NTFS, HFS+ file system date and time.
  • Date and time information in the Windows registry.

Day Two

Case Investigation and Analysis

  • File System module.
  • Custom Views.
  • Categories view.
  • Module Data views summary.
  • Byte Plot and Character Distribution.
  • File Metadata.
  • File Extent.

Keyword and Index Searching

  • Keyword Search - management.
  • Index search.
  • Creating / Searching an index.
  • Search results.
  • Index Search Compound Files.

Reporting

  • Bookmarks.
  • Creating a Report.

Hashing

  • Hash Values.
  • Hash Algorithms.
  • Hash sets.
  • Creating your own hash set.

Day Three

File Signature Analysis

  • File signature analysis.

Data Recovery

  • FAT / NTFS data recovery.
  • File carving.

Email Module

  • Email Units.
  • Microsoft Outlook .PST email.

Registry Module

  • Registry Module.
  • Deleted registry keys.
  • Examining registry files using scripts.

Scripts Module

  • Scripts Module.
  • Managing scripts in the scripts window.
  • Introduction to Scripting.

Shadow Copy

  • Shadow Copy.
  • Examining Shadow Copies With Forensic Explorer.

Mount Image Pro

  • Mount Image Pro.