Linkedin
  • Mon - Fri: 10:00 - 18:00
Contact Us
  • Home
  • /
  • Training
  • /
  • DF320 – Advanced Analysis of Windows Artifacts with EnCase

DF320 - Advanced Analysis of Windows Artifacts with EnCase

**Formerly EnCase Advanced Computer Forensics

Course duration: 4 days

CPE Credits: 32

Delivery method: Group-Live

NASBA defined level: Advanced

Prerequisites: DF210 – Building an Investigation with EnCase or EnCE Certification

Download Syllabus

Full List of Courses Available

Course Overview

This hands-on course is designed for examiners with solid computer skills, seeking to learn advanced concepts in analyzing Windows artifacts. The participants will be provided instruction that includes parsing and analysis techniques on registry data, volume shadow service, random access memory, zip file structures, prefetch, and SQLite content.

Students attending this course will learn the following:

  • Understanding SQLite databases and querying their data
  • Recovering deleted SQLite data
  • The use of block-based file hash analysis for file recovery
  • Examination of the Microsoft Windows Registry
  • Analyzing Userassist and ShellBag registry data
  • The purpose and function of prefetch files and how to analyze them
  • Analyzing Windows system databases
  • Understanding and examination of the Windows timeline
  • Understanding and examining of the System Resource Usage Monitor Database
  • Identifying Windows notifications and how they can be customized
  • Understanding how the system resource usage monitor is implemented
  • Examination and recovery of Windows event logs
  • Examination of Volume Shadow Copy (VSC) and File History data
  • Identification and recovery of encrypted data
  • Understanding how BitLocker is implemented and the options for recovery and searching
  • Examination RAM using MemProcFS
  • Low-level data recovery from Zip files and the latest version of Microsoft Word documents
  • Hardware and software RAID technology, acquisition, and examination

Audience

This course is intended for law enforcement officers, corporate and private investigators, computer forensic examiners, and network security personnel. A basic understanding of the concepts of computer forensics is required. The class curriculum builds upon the curriculum included in the DF210-Building an Investigation course, continuing with a focus on file and operating system examinations.

Learn more about our training courses

We are excited about your interest in our courses and eager to provide you with all the details you need.

Send us a message via the contact form and we will get back to you as soon as possible.

Send us your enquiries

    CYBER SECURITY EXPERTS IN ASIA-PACIFIC

    Founded in 2010 by a group of industry experts, we work tirelessly to provide security solutions that protects individual and organizations from cyber-attacks.

    SINGAPORE

    • Phone: +(65)6610 3488
    • WhatsApp +(852)9493 3452
    • Address: Hongkong Street, CBD, SG

    HONG KONG

    • Phone: +(852) 9493 3542
    • WhatsApp: +(852) 9493 3542
    • Address: Wing Kut Street, Central HK

    READ OUR BLOG

    Privacy Policy
    Copyright ©  2023 Xione Group