Facebook Twitter Linked In
 

Sessions:
Advanced Forensics
AccessData
Sorry there are currently no sessions scheduled for Advanced Forensics.
Please let us know you are interested in this course.

Fulcrum Training Vendors
 
Training
 
Advanced Forensics

The AccessData Advanced Forensics five-day course provides the knowledge and skills necessary to install, configure and effectively use Forensic Toolkit® (FTKTM), FTK ImagerTM Password Recovery ToolkitTM (PRTKTM) and Registry ViewerTM. Participants will also use AccessData products to conduct forensic investigations on Microsoft® Windows® systems, learning where and how to locate Windows system artifacts. 

During this five-day, hands-on class, participants will perform the following tasks:

  • Install and configure FTK, FTK Imager, PRTK, and Registry Viewer.
  • Use FTK Imager to preview evidence, export evidence files, create forensic images and convert existing images.
  • Use the Registry Viewer to locate evidentiary information in Windows 2K and XP registry files.
  • Create a case in FTK.
  • Use FTK to process and analyze documents, metadata, graphics and e-mail.
  • Use bookmarks and check marks to efficiently manage and process case data.
  • Update and customize the KFF database.
  • Create and apply file filters to manage evidence in FTK.
  • Create regular expressions.
  • Import search lists for indexed searches in FTK.
  • Use the FTK Data Carving feature to recover files from unallocated disk space.
  • Use custom dictionaries and dictionary profiles to recover passwords in PRTK.
  • Use a FTK word list to create a custom dictionary in PRTK.
  • Create a user profile and biographical dictionary in PRTK.
  • Add SAM and Syskey values to PRTK to recover passwords and decrypt encrypted files.
  • Recover forensic information from Recycle Bin INFO2 files.
  • Recover forensic information from the following Windows XP artifacts:

o Thumbs.db files

o Metadata

o Link and Spool Files

o Alternate Data Streams

o Windows XP Prefetch

  • Recover EFS encrypted files on Windows 2000 and XP systems.
  • Create and customize reports.

 

The class includes multiple hands-on labs that allow students to apply what they have learned in the workshop.

Prerequisites

This hands-on class is intended for new users, particularly forensic professionals and law enforcement personnel, who use AccessData forensic software to examine, analyze and classify digital evidence.

 

To obtain the maximum benefit from this class, you should meet the following requirements:

  1. Read and understand the English language.
  2. Perform basic operations on a personal computer.
  3. Have a basic knowledge of computer forensic investigations and acquisition procedures.
  4. Be familiar with the Microsoft Windows environment.
Advanced Forensics
Sorry - there are no sessions available to book.
 
Contact us
Australia:+61 (0)2 8012 9810
Singapore:+65 9297 1289
Customer Service:
Technical Support:
Training Bookings:
 
Register For the Fulcrum Newsletter HERE

© Fulcrum Management 2012
Name
Email
Organisation
Phone
Verification Code:
Name
Email
Organisation
Phone
Verification Code: