DFFAD - Access Data FTK Boot Camp
Description
Digital Intelligence's AccessData FTK Boot Camp (DFFAD) is a comprehensive, three-day course designed to provide the knowledge and skills necessary to conduct digital acquisitions and investigations using FTK Toolkit.
Students who attend DFFAD are invited to take the Digital Forensics with FRED (DFF) class at no additional charge. DFFAD is taught Tuesday-through-Thursday so students can combine DFFAD with the one-day DFF class offered on Mondays. This makes the best use of each student's travel time and maximizes hands-on instruction with the combined FRED + FTK solution.
Objectives
This course combines the one-day Digital Forensics with FRED and three-days of FTK Boot Camp. Additional tools covered and used in class are FTK ImagerTM, Password Recovery Toolkit (PRTKTM), and Registry ViewerTM.
Participants will use AccessData products to conduct forensic investigations on Microsoft® Windows® systems, learning where and how to locate Windows system artifacts.
Upon course completion, attendees should be able to:
- Install AccessData software tools
- Image, acquire, export, and create forensic images
- Access and review registry entries
- Create a case, process and analyze documents, metadata, graphics, and e-mails using FTK
- Use bookmarks / checkmarks to efficiently manage and process a case
- Update / customize the KFF database
- Manage evidence using file filters
- Perform searches using regular expressions and imported search lists
- Carve unallocated disk space
- Create and customize reports
- Recover passwords using PRTK
- Gain practical experience with FTK indexing
- Create custom dictionaries using the FTK indexing
- Create regular expressions
- Use Registry Viewer to locate evidentiary information in Windows 2000 and Windows XP
- Integrate Registry Viewer with FTK
- Recover forensic information from Recycle Bin INDO2 files
- Recovery forensic information from various Windows XP artifacts
- Create a PRTK custom dictionary using an FTK word list
- Add SAM and Syskey values to PRTK to recover passwords and decrypt files
- Recover EFS encrypted files on Windows 2000 and Windows XP systems
Prerequisites
This hands-on class is intended for new users, particularly forensic professionals and law enforcement personnel, who use AccessData forensic software to examine, analyze and classify digital evidence.
To obtain the maximum benefit from this class, you should meet the following requirements:
- Read and understand the English language
- Perform basic operations on a personal computer
- Have basic knowledge of computer forensic investigations and acquisition procedures
- Be familiar with the Microsoft Windows environment
Syllabus
Downloadable course syllabus
Schedule
| Title | Dates | Location |
|---|---|---|
| DFFAD - Access Data FTK Boot Camp | Jul 30, 2019 (Tue) - Aug 01, 2019 (Thu) |
Digital Intelligence
17165 W. Glendale Drive
|
| DFFAD - Access Data FTK Boot Camp | Oct 15, 2019 (Tue) - Oct 17, 2019 (Thu) |
Digital Intelligence
17165 W. Glendale Drive
|
Toll Free: (866) DIGINTEL / (866) 344-4683
Phone: (262) 782-3332 Fax: (262) 782-3331
17165 W. Glendale Dr., New Berlin, WI 53151