3-Day instructor led course focused on systematic and efficient examination of computer media using X-Ways Forensics.
PLUS
2-Day Instructor led course focused on file systems using X-Ways Forensics.

Extensive introduction to the file systems FAT12, FAT16, FAT32 (1/2 day), NTFS (1 day), and Ext2/Ext3 (1/2 day). By fully understanding the on-disk structures of the file system, you are able to recover data manually in many severe data loss scenarios, where automated recovery software fails, and to verify the correct function of computer forensics software and to collect meta information beyond what is reported automatically, which might yield clues for the given case. In general, this also leads to a better understanding of the data presented by forensic software, of how computer forensics software works and of its limitations.

Immediate application of newly gained knowledge by examining data structures on a practical example with WinHex. These exercises will ensure you will remember what you have learned. By the end you will be able to navigate almost intuitively on a hard disk and to identify various sources of information with relevance to forensics. You will be enabled to recover data manually in several cases even where automated software fails and to verify the results computer forensics software reports automatically. You will receive a complete documentation of all the filesystems discussed in this course, with all the training material for later repetition.
Prerequisite: general computer science knowledge recommended (not just computer knowledge).

Selected topics: