Twitter Linked In

Forensics (3 day course)
X-Ways Software Technology
Sorry there are currently no sessions scheduled for Forensics (3 day course).
Please let us know you are interested in this course.

Fulcrum Training Vendors
Forensics (3 day course)

3-Day instructor led course focused on systematic and efficient examination of computer media using X-Ways Forensics.

Complete and systematic coverage of all computer forensics features in WinHex and X-Ways Forensics. Hands-on exercises, simulating most aspects of the complete computer forensics process. Attendees are encouraged to immediately try newly gained insights as provided by the instructor, with sample image files. Many topics are explained along with their theoretical background (e.g. how .e01 files work internally, how hash databases are internally structured, how deleted partitions are found automatically, with what methods X-Ways Forensics finds deleted files). Other topics are forensically sound disk imaging and cloning, data recovery, search functions, dynamic filtering, report creation, ... Emphasis can be put on any aspect suggested by the participants. You will receive complete printed training material for later repetition. Prerequisite: basic knowledge of computer forensics.

The students will learn e.g. how to get the most thorough overview conceivable of existing and deleted files on computer media, how to scan for child pornography in the most efficient way, or how to manually recover deleted files compressed by NTFS which would not even be found by conventional file carving techniques.

  • Basic setup of the software
  • Learning the user interface components
  • Understanding the data interpreter
  • Preparing media for cloning
  • Cloning media/Image creation
  • Creating a case/adding evidence objects
  • Hash calculation and checking
  • Using the gallery view and skin color detection efficiently
  • Calendar view usage (timeline)
  • Previewing file contents
  • Creating drive contents tables systematically
  • Creating hash sets and matching against existing hash sets
  • Detecting data hiding methods like alternate data streams, host-protected areas (HPA), misnamed files
  • Adding annotations/bookmarks
  • Report creation
  • Working with the directory browser
  • Synchronizing directory browser and directory tree for optimized work
  • Working with the Access button menu
  • Various methods of file recovery
  • Customizing file signatures
  • Extraction and analysis of free space, slack space, etc.
  • Finding and analyzing deleted partitions
  • Using search and index functions effectively
  • Efficient navigation of the file systems' data structures
  • Data profiles
  • Decoding Base64, Uuencode, etc.
  • Viewing RAM
  • Assemble RAID systems
  • Recovering deleted NTFS-compressed files manually
  • Optionally other topics like template and script programming

    It is the goal to be able to draw sustainable conclusions from the data and metadata stored on or seemingly deleted from media to answer to specific problems while documenting the proceedings in a manner acceptable in court.


    "What documents were altered on the evening of January 12, 2005?"
    "What pictures were hidden with what method, where and by whom?"
    "Who viewed which web pages on what day?"
    "Which MS Excel documents saved by Alan Smith contain the keyword 'invoice'?"
  • Forensics (3 day course)
    Sorry - there are no sessions available to book.
    Contact us
    Australia:+61 (0)2 8012 9810
    Singapore:+65 9297 1289
    Customer Service:
    Technical Support:
    Training Bookings:
    Register For the Fulcrum Newsletter HERE

    © Fulcrum Management 2012
    Verification Code:
    Verification Code: