Computer forensics critical to security


Computer forensics essential for complete security

March 2007

Computer forensics is again in the hot seat, with an article by Simon Sharwood, "Cyber sleuths on the trail of foul play", appearing in a recent edition of MIS.

Sharwood explains that computer forensics is essential for detecting security incidents and proving (in court) that they have occurred.

"In a climate of heightened concern about corporate governance, the legal community is starting to advise business to learn more about forensics so that data retention policies ensure evidence is not destroyed or discarded."

EnCase® Forensic is the industry standard in computer forensic investigation technology and is manufactured by Guidance Software. DDLS provides training for EnCase Forensic, which enables attendees to learn to gather, locate, analyse and explain computer forensic evidence in order to detect security incidents.

The following 7 streams of EnCase training are available at DDLS:

EnCase® v6 Computer Forensics I
Designed for investigators new to computer forensics. Topics covered include:

  1. What is computer forensics and computer evidence?

  2. Overview of the EnCase and computer forensic methodology

  3. Determining whether a computer system contains evidence within the scope of your investigation or warrant.

EnCase® v6 Computer Forensics II
Designed for investigators with strong computer skills, prior computer forensics training and experience using EnCase. Topics covered include:

  1. Acquiring and authenticating the most common types of media

  2. Recovering NTFS file system artefacts such as swap files, file slack and spooler files

  3. Authenticating the Evidence File format using CRC and hash values.

EnCase® v6 Advanced Computer Forensics
Designed for investigators with advanced computer skills and two or more years' experience in computer forensics. Attendees learn advanced techniques for recovering artefacts from the many file systems supported by EnCase.

EnCase® v6 FIM/Mobile Use of EE Live Forensics
Learn to use the Field Intelligence Model (FIM)/Mobile EnCase Enterprise software to examine a server to obtain evidence that may exist or be interpreted only while the server or network is running. Deploy the FIM/Mobile EE and conduct a forensic examination of a remote computer on the Internet.

EnCase® v6 Advanced Internet Examinations
Virtually all computer forensic examinations will involve analysis of e-mail and Internet artifacts, underscoring the need to understand the relevance of Internet and e-mail-based evidence recovered during examinations. This class focuses on the forensic evidence located on the computer belonging to the suspect and/or victim.

EnCase® v6 Network Intrusion Investigations I
This hands-on course is designed for investigators who want to learn more about network intrusions, the tools commonly used by attackers and the forensic artifacts left behind. This course goes into the technical aspects of network intrusions, as well as the methodology commonly used by attackers. The course combines forensic examinations with live response in a network environment.

EnCase® v6 NTFS
This hands-on course involves practical exercises and technical information about the NTFS file system. The class addresses the technical issues of the NTFS file system, including an in-depth analysis of the Master File Table (MFT) and its components.

 

For additional information on EnCase Computer Forensics training at DDLS, please contact your Account Manager or the DDLS Customer Care Centre on 13 12 01.