| EnCase® v6 FIM/Mobile Use of EE Live Forensics |
| Vendor Course Code: | |
| Course Length: | 4 days |
| Course Price: | $3,600.00 + GST |
| Availability: | |
| | If your preferred city or time is not currently listed, please call DDLS on 13 12 01 and we can try to accommodate your needs. |
| Overview: | This hands-on course is designed for investigators with significant computer skills who want to expand their knowledge of examining live computers, networks and servers. The class combines forensic examinations with live response in a network environment. Attendees learn to use the Field Intelligence Model (FIM)/Mobile EE software to examine a server to obtain evidence that may exist or be interpreted only while the server or network is running. Attendees also learn how to deploy the FIM/Mobile EE and conduct a forensic examination of a remote computer on the Internet.
Emphasis is placed on the access and acquisition of data from live machines running a variety of operating systems and file systems, and on overcoming myriad obstacles to obtain investigative information.
|
| Skills Gained: |
- Understanding fundamental operations of the FIM/Mobile EE
- Servlet pushing technologies: how to deploy the FIM/Mobile EE on servers and networks
- Troubleshooting a FIM/Mobile EE deployment
- Understanding firewalls
- Live RAM investigations
- Live forensic Linux examinations
- Using the FIM/Mobile EE snapshot—identifying open ports, open files, processes and device logons on a live machine
- Public Key Infrastructure and Virtual Private Network
- Introduction to cryptology
- Examining encrypted volumes
- Introduction to hubs, switches, routers and networking
- Understanding port numbers and open ports
- MAC addresses and their evidentiary significance
|
| Key Topics: | Day one provides an understanding of the Field Intelligence Module. Using the Field Intelligence Module product, students will learn how FIM works.
- Field Intelligence Module overview
- Introduction to cryptology
- Building the FIM SAFE
- TCP/IP overview
- FIM/EnCase concepts
- First Response and triage with FIM
- Troubleshooting a FIM deployment
- Preview and Acquire a remote machine

Day two gives the students hands-on experience setting up and using Field Intelligence Module.
- Basic servlet methodology and installation
- FIM deployment on a RAID
- Networking essentials, port forwarding
- Deploying FIM on a network
- Monitor a parolee/probationer in a dynamic IP environment
- Covert FIM deployment from a secure Internet café or public library

Day three builds on the skills previously learned. Students will capture and inspect FIM TCP packets and confirm the ports and encryption in use.
- Capturing and examining encrypted FIM packets
- Examining Windows® registry with FIM
- Examining volatile data with EnCase Snapshot
- Discover hidden processes/root kits
- Deploy FIM without logon credentials
- Examination of encrypted volumes

Day four addresses the examination of Linux and Unix systems. Students will learn advanced servlet pushing technologies. Students will learn how to combine all discoveries into a readable, coherent report using FIM. They will also perform a final practical exercise within the given scenario to summarize the week’s instruction.
- Creating Logical Evidence files with FIM
- Using FIM to examine Linux and Unix
- Advanced servlet pushing technologies
- Using FIM to prepare a written report within the EnCase interface and exporting this report in HTML or other formats.
- Comprehensive practical exam
|
| Target Audience: | This course is intended for law enforcement officers, computer forensic examiners, corporate and private investigators and network security personnel. A basic understanding of the concepts of computer forensics, networking fundamentals and the Internet is helpful. The class curriculum builds upon the foundation of the EnCase Computer Forensics I and EnCase Computer Forensics II courses, with a focus on live network communication examinations.
|
| Prerequisites: | This course is designed for investigators with significant computer skills. The course builds upon the foundation of the EnCase Computer Forensics I and EnCase Computer Forensics II courses, with a focus on live network communication examinations. |