**Formerly EnCase Advanced Computer Forensics

This hands-on course is designed for examiners with solid computer skills, seeking to learn advanced concepts in analyzing Windows artifacts. The participants will be provided instruction that includes parsing and analysis techniques on registry data, volume shadow service, random access memory, zip file structures, prefetch, and SQLite content.

Delivery method: Group-Live. NASBA defined level: advanced.

This course provides in-depth coverage on topics, including:

• Examination of the Microsoft Windows Registry
• The use of block-based file hash analysis for file recovery
• Examination of Volume Shadow Copy (VSC) data maintained by the Windows Volume Shadow Service (VSS)
• Examination and recovery of Windows event logs
• Hardware and software RAID technology, acquisition, and examination
• Understanding SQLite databases and querying their data
• Recovering deleted SQLite data
• The purpose and function of prefetch files and how to analyze them
• Principles of encrypted data recovery
• Various techniques on the examination RAM
• Low-level data recovery from Zip files and the latest version of Microsoft Word documents