[Python-checkins] EnCase Computer Forensics I on March 16-19, 2009
Global Knowledge PH
gki at pldtdsl.net
Mon Mar 9 23:50:59 CET 2009
EnCase® Computer Forensics I
on March 16-19, 2009
Php85,000.00
Inclusive of 12%VAT, Training Materials, Certificate and AM/PM Snack and
Lunch)
Venue: 25th Flr. Unit 2502b West Tower, Philippine Stock Exchange,
Ortigas Center Pasig City
CPE credits: 32
Level: Introductory
Prerequisites: Basic computer skills. Advance preparation for this
course is not required.
Delivery method: Group-Live & Instructor Led
Course Description: This hands-on course involves practical exercises
and real-life simulations. The class provides participants with an
understanding of the proper handling of digital evidence from the
initial seizure of the computer/media to acquisition, and then
progresses to the analysis of the data. It concludes with archiving and
validating the data.
Day 1
Day one starts with an introduction to EnCase® Forensic v6 and
examination methodology. Attendees are shown how to use EnCase Forensic
to acquire a complete copy of the data from a removable disk in a
forensically sound manner. The concept of digital evidence and how
computers work (paying particular regard to the associated impact on
forensic examination) are also included.
The main areas covered:
. EnCase Forensic methodology
. Navigating within the EnCase Forensic environment
. EnCase Forensic concepts
. Understanding the concept of digital evidence and its impact
on an investigation
. The basics of acquiring a forensically sound copy of data
from a removable disk
. Understanding how computers work
Day 2
Day two expands upon the information provided in day one, and begins
with a detailed discussion of the FAT file systems as well as an
overview of the NT file system. Hard disk acquisition is covered, using
both a forensically sound Linux CD, as well as the use of a hardware
write-blocking device. Attendees will learn how to properly preview a
computer system prior to acquisition as well as explore keyword
searching and bookmarking of relevant data.
The main areas covered:
. NT/FAT File Systems
. Acquisition of a hard disk
Day 3
Day three includes more complex bookmarking of data. Instruction is
given on the use of file signatures to properly identify file types. The
principal and practical usage of digital fingerprints (hash value) to
identify files of interest and exclude known files is also covered.
Attendees will install external viewers within EnCase Forensic and learn
how to copy data from within an evidence file. Restoring an evidence
file back to physical media is also covered.
The main areas covered on Day 3 include:
. File types
. Reviewing search hits and bookmarking
. Signature analysis
. Hash analysis
. Installing external viewers
. Detailed copy/UnErase options
. Restoring evidence
Day 4
Day four explores how to reacquire evidence in order to modify
evidence-file parameters but still maintain data integrity. Attendees
are given advice and guidance for archiving as well as instruction on
how to restore and open an archived case. Attendees will observe first
hand how EnCase Forensic can detect and identify any changes to the
content of an evidence file. Practical instruction will then be given
concerning the use of the Timeline viewer within EnCase Forensic and the
recovery of deleted data from the unallocated space of a computer disk.
Following this the importance of proper evidence handling will be
discussed with the attendees being shown examples of good practice in
this area.
The main areas covered on Day 4 include:
. Archiving and reopening an archived case
. Verification of an evidence file
. Timeline view
. Location and recovery of evidence in unallocated space
. The importance and practicalities of evidence handlingTM
Guidance Software, Inc. is registered with the National Association of
State Boards of Accountancy (NASBA) as a sponsor of continuing
professional education on the National Registry of CPE Sponsors. State
boards of accountancy have final authority on the acceptance of
individual courses for CPE credit. Complaints regarding registered
sponsors may be addressed to the National Registry of CPE sponsors, 150
Fourth Avenue North, Nashville, TN, 37219-2417. Web site: www.nasba.org
About Guidance Software (GUID)
Guidance Software is recognized worldwide as the industry leader in
digital investigative solutions. Its EnCase® platform provides the
foundation for government, corporate and law enforcement organizations
to conduct thorough, network-enabled, and court-validated computer
investigations of any kind, such as responding to eDiscovery requests,
conducting internal investigations, responding to regulatory inquiries
or performing data and compliance auditing - all while maintaining the
integrity of the data. There are more than 27,000 licensed users of the
EnCase technology worldwide, and thousands attend Guidance Software's
renowned training programs annually. Validated by numerous courts,
corporate legal departments, government agencies and law enforcement
organizations worldwide, EnCase has been honored with industry awards
and recognition from eWEEK, SC Magazine, Network Computing, and the
Socha-Gelbmann survey. For more information about Guidance Software,
visit www.guidancesoftware.com
ENROLL NOW!
GLOBALKNOWLEDGE PHILIPPINES INC.
25th flr. Unit no. 2502b West Tower Philippine Stock Exchange, Ortigas
Center Pasig City, 1605 Philippines
Tel. No. (632) 683-0969 / 637-3657 Mobile: +63 920-709-8298
Email: sandra at globalknowledgeph.com YM: sandra_medalla at yahoo.com
URL: www.gkphilippines.com
If you have received this email by mistake, kindly accept our apologies
and send a blank email with the word "remove" in the subject line to
sandramedalla at gmail.com. Thank you.
_____
<http://www.globalknowledgeph.com/Remove/?email=python-checkins@python.o
rg>
If you want to unsubscribe from this mailing list. Please Click it
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/python-checkins/attachments/20090309/45bee2a7/attachment-0001.htm>
More information about the Python-checkins
mailing list