Objectives

This course combines the one-day Digital Forensics with FRED and three-days of FTK Boot Camp.  Additional tools covered and used in class are FTK Imager^TM, Password Recovery Toolkit (PRTK^TM), and Registry Viewer^TM.

Participants will use Exterro products to conduct forensic investigations on Microsoft® Windows® systems, learning where and how to locate Windows system   artifacts.

Upon course completion, attendees should be able to:

• Install Exterro software tools
• Create a case, process and analyze documents, metadata, graphics, and e-mails using FTK
• Use bookmarks / check marks to efficiently manage and process a case
• Update / customize the KFF database
• Manage evidence using file filters
• Perform searches using regular expressions and imported search lists
• Carve unallocated disk space
• Create and customize reports
  
• Gain practical experience with FTK indexing
  
• Create custom dictionaries using the FTK indexing
  
• Create regular expressions
• Use Registry Viewer to locate evidentiary information in Windows
• Integrate Registry Viewer with FTK
• Recover forensic information from Recycle Bin
• Recovery forensic information from various Windows artifacts

Prerequisites

This hands-on class is intended for new users, particularly forensic professionals and law enforcement personnel, who use AccessData forensic software to examine,   analyze and classify digital evidence.

To obtain the maximum benefit from this class, you should meet the following requirements:

• Read and understand the English language
• Perform basic operations on a personal computer
• Have basic knowledge of computer forensic investigations and acquisition procedures
• Be familiar with the Microsoft Windows environment

Schedule