Objectives

This course combines the one-day Digital Forensics with FRED and the four-day of FTK 101.  Additional tools covered and used in class are FTK Imager^TM, Password Recovery Toolkit (PRTK^TM), and Registry Viewer^TM.

Participants will use Exterro products to conduct forensic investigations on Microsoft® Windows® systems, learning where and how to locate Windows system   artifacts.

Upon course completion, attendees should be able to:

• Install Exterro software tools
• Create a case, process and analyze documents, metadata, graphics, and e-mails using FTK
• Use bookmarks / check marks to efficiently manage and process a case
• Update / customize the KFF database
• Manage evidence using file filters
• Perform searches using regular expressions and imported search lists
• Carve unallocated disk space
• Create and customize reports
  
• Gain practical experience with FTK indexing
  
• Create custom dictionaries using the FTK indexing
  
• Create regular expressions
• Use Registry Viewer to locate evidentiary information in Windows
• Integrate Registry Viewer with FTK
• Recover forensic information from Recycle Bin
• Recovery forensic information from various Windows artifacts

Prerequisites

This hands-on class is intended for new users, particularly forensic professionals and law enforcement personnel, who use Exterro/AccessData forensic software to examine,   analyze and classify digital evidence.

To obtain the maximum benefit from this class, you should meet the following requirements:

• Read and understand the English language
• Perform basic operations on a personal computer
• Have basic knowledge of computer forensic investigations and acquisition procedures
• Be familiar with the Microsoft Windows environment

Schedule

No classes scheduled at this time.