DFFAD - Access Data FTK Boot Camp

Description

Digital Intelligence's AccessData FTK Boot Camp (DFFAD) is a comprehensive, three-day course designed to provide the knowledge and skills necessary to conduct digital acquisitions and investigations using FTK Toolkit.

Students who attend DFFAD are invited to take the Digital Forensics with FRED (DFF) class at no additional charge. DFFAD is taught Tuesday-through-Thursday so students can combine DFFAD with the one-day DFF class offered on Mondays. This makes the best use of each student's travel time and maximizes hands-on instruction with the combined FRED + FTK solution.

Objectives

This course combines the one-day Digital Forensics with FRED and three-days of FTK Boot Camp. Additional tools covered and used in class are FTK Imager^TM, Password Recovery Toolkit (PRTK^TM), and Registry Viewer^TM.

Participants will use AccessData products to conduct forensic investigations on Microsoft® Windows® systems, learning where and how to locate Windows system artifacts.

Upon course completion, attendees should be able to:

Install AccessData software tools
Image, acquire, export, and create forensic images
Access and review registry entries
Create a case, process and analyze documents, metadata, graphics, and e-mails using FTK
Use bookmarks / checkmarks to efficiently manage and process a case
Update / customize the KFF database
Manage evidence using file filters
Perform searches using regular expressions and imported search lists
Carve unallocated disk space
Create and customize reports
Recover passwords using PRTK
Gain practical experience with FTK indexing
Create custom dictionaries using the FTK indexing
Create regular expressions
Use Registry Viewer to locate evidentiary information in Windows 2000 and Windows XP
Integrate Registry Viewer with FTK
Recover forensic information from Recycle Bin INDO2 files
Recovery forensic information from various Windows XP artifacts
Create a PRTK custom dictionary using an FTK word list
Add SAM and Syskey values to PRTK to recover passwords and decrypt files
Recover EFS encrypted files on Windows 2000 and Windows XP systems

Prerequisites

This hands-on class is intended for new users, particularly forensic professionals and law enforcement personnel, who use AccessData forensic software to examine, analyze and classify digital evidence.

To obtain the maximum benefit from this class, you should meet the following requirements:

Read and understand the English language
Perform basic operations on a personal computer
Have basic knowledge of computer forensic investigations and acquisition procedures
Be familiar with the Microsoft Windows environment

Syllabus

Downloadable course syllabus

Schedule

No classes scheduled at this time.