DFFAD - Digital Forensics with FRED / Access Data FTK Boot Camp
Description
Digital Forensics with FRED / Access Data FTK Boot Camp is a comprehensive, four-day course designed to provide the knowledge and skills necessary to conduct digital acquisitions and investigations using FTK Toolkit installed on a FRED workstation.
Objectives
This course combines the one-day Digital Forensics with FRED and three-days of FTK Boot Camp. Additional tools covered and used in class are FTK ImagerTM, Password Recovery Toolkit (PRTKTM), and Registry ViewerTM.
Participants will use AccessData products to conduct forensic investigations on Microsoft® Windows® systems, learning where and how to locate Windows system artifacts.
Upon course completion, attendees should be able to:
- Install AccessData software tools
- Image, acquire, export, and create forensic images
- Access and review registry entries
- Create a case, process and analyze documents, metadata, graphics, and e-mails using FTK
- Use bookmarks / checkmarks to efficiently manage and process a case
- Update / customize the KFF database
- Manage evidence using file filters
- Perform searches using regular expressions and imported search lists
- Carve unallocated disk space
- Create and customize reports
- Recover passwords using PRTK
- Gain practical experience with FTK indexing
- Create custom dictionaries using the FTK indexing
- Create regular expressions
- Use Registry Viewer to locate evidentiary information in Windows 2000 and Windows XP
- Integrate Registry Viewer with FTK
- Recover forensic information from Recycle Bin INDO2 files
- Recovery forensic information from various Windows XP artifacts
- Create a PRTK custom dictionary using an FTK word list
- Add SAM and Syskey values to PRTK to recover passwords and decrypt files
- Recover EFS encrypted files on Windows 2000 and Windows XP systems
Prerequisites
This hands-on class is intended for new users, particularly forensic professionals and law enforcement personnel, who use AccessData forensic software to examine, analyze and classify digital evidence.
To obtain the maximum benefit from this class, you should meet the following requirements:
- Read and understand the English language
- Perform basic operations on a personal computer
- Have basic knowledge of computer forensic investigations and acquisition procedures
- Be familiar with the Microsoft Windows environment
Syllabus
Downloadable course syllabus
Schedule
No classes scheduled at this time.
Toll Free: (866) DIGINTEL / (866) 344-4683
Phone: (262) 782-3332 Fax: (262) 782-3331
17165 W. Glendale Dr., New Berlin, WI 53151