This course is intended for forensic investigators with a basic working knowledge of the following:
Forensic Toolkit® (FTK™)
Password Recovery Toolkit™ (PRTK)
Microsoft® EFS Encryption
To obtain the maximum benefit from this course, you should meet the following requirements:
Able to understand course curriculum presented in English
AccessData BootCamp or equivalent experience with FTK and PRTK
Previous investigative experience in forensic case work
Perform basic operations on a personal computer
Be familiar with the Microsoft Windows environment
Class Materials and Software:
You will receive the associated materials prior to the course.
During this one-day, hands-on course, participants perform the following tasks:
Review different encryption systems.
Explore different types of encryption attacks including dictionary, keyspace, and rainbow table.
Decrypt an ROT13 password.
Encrypt and decrypt using XOR.
Decode Trillian passwords.
Recover extended ASCII character passwords.
Recover foreign language character set passwords.
Review what types of information may be gleaned from the suspect to build a custom dictionary for a PRTK attack.
Review the PRTK interface.
Define custom dictionaries and attack profiles.
Decrypt files in PRTK.
Generate reports to document job results.
Recover passwords from Microsoft Office products including:
o Microsoft Word
o Microsoft Excel
o Microsoft Outlook
o Microsoft PowerPoint
o Microsoft Access
Recover foreign language passwords.
Recover a Windows logon password.
Use the AccessData Decryption Methodology to attack encrypted documents:
o Export the case index from FTK to build a custom PRTK dictionary.
o Recover password artifacts from Windows registry files.
o Build biographical dictionaries using case data and web artifacts.
o Use the Passphrase Generator to generate possible passphrases from case documents or a dictionary.