Facebook Twitter Linked In
 

Sessions:
Applied Decryption
AccessData
Sorry there are currently no sessions scheduled for Applied Decryption.
Please let us know you are interested in this course.

Fulcrum Training Vendors
 
Training
 
Applied Decryption

Learn the science of Cryptography and how it plays a role in computer forensics.

Applied Decryption is an intensive, hands-on course that reviews current encryption technology and provides the knowledge and skills necessary to recover passwords using PRTKTM and DNATM. This course introduces advanced cryptography concepts, including encryption standards and file recovery strategies. Participants are guided through a basic cryptographic system, including the elements used to create a File Encryption Key (FEK), passwords, hash functions, salt, passkey, and the FEK itself. 

Participants are also introduced to AccessDataTM decryption technology software. The course outlines how Password Recovery ToolkitTM (PRTK) and Distributed Network AttackTM (DNA) recover passwords from common applications, including the types of attacks that may be employed. It also reviews PRTK and DNA features and functions, including how to start attack sessions, how to import dictionaries, how to create attack profiles, and how to report Session/Job properties information.

Also key to this course is AccessData Decryption Methodology. Students review tactics like generating dictionaries based on suspect intelligence or exporting a word list from FTK, then importing the word list in PRTK or DNA to build an attack profile.

After setting up the framework of decryption tools and strategies, this course focuses on how to attack specific encryption technologies, including:

  • PGP: Participants review digital signatures and certificates, with a specific discussion about the PGP Web of Trust

    including how the Web of Trust can be implemented, methods a third-party may use to infiltrate the group, and man-in-the-

    middle attacks.

  • Encrypted Containers: Participants first learn how a virtual container file is viewed with a forensic tool when it is not

    mounted with the native application. This is followed by a discussion of how to recover passwords for encrypted containers so that you can natively mount the volume. Participants also discuss best-practice procedures to acquire a forensic image of the mounted virtual container using FTK Imager.

  • EFS: Participants gain an understanding of how the Encrypting File System (EFS) works and how EFS file data can be recovered. Participants learn where Windows stores the encryption and decryption keys and how to exploit weaknesses within the Windows operating system to obtain these keys and decrypt the data. They are also given detailed instruction on the steps required for FTK to decrypt EFS file data on Windows 2000 and Windows XP SP1 systems.

  • Protected Storage in Internet Explorer Versions 7-9: Participants discuss the definition, function, and forensic importance of protected storage artifacts associated with the Microsoft Internet Explorer Browser.

  • Data Within Data: Participants are introduced to steganographythe concept of data concealed within dataand how to forensically process such files.

  • System BitLocker and BitLocker To Go: Participants review some of the core functions related to acquiring BitLocker- encrypted evidence. Participants first learn how to identify an encrypted volume. The course then presents different ways to decrypt and forensically acquire data from a BitLocker-protected drive.

Prerequisites:

This course is intended for forensic investigators with experience in forensic case work and a basic working knowledge of FTK, FTK Imager, Registry Viewer, and PRTK.

To obtain the maximum benefit from this course, you should meet the following requirements: Able to understand course curriculum presented in English

AccessData BootCamp or equivalent experience with FTK and PRTK Previous investigative experience in forensic case work 

Applied Decryption
Sorry - there are no sessions available to book.
 
Contact us
Australia:+61 (0)2 8012 9810
Singapore:+65 9297 1289
Customer Service:
Technical Support:
Training Bookings:
 
Register For the Fulcrum Newsletter HERE

© Fulcrum Management 2012
Name
Email
Organisation
Phone
Verification Code:
Name
Email
Organisation
Phone
Verification Code: