Forensic Explorer Examiner Training

 
 

Course Outline

{tab Day 1}

Forensic Explorer Overview and Introduction

Key program features

  • Installation
  • Forensic analysis workstation – system settings and configuration
  • Case management
  • Dongle activation and update management
  • Advanced Wibu key and network configuration
  • Maintenance FEX License and Wibu key

Forensic Acquisition

  • Write blocking vs. White protection
  • Network examinations and analysis
  • GetData Forensic Imager

Creating a Digital Case

  • Adding and removing evidence within FEX
  • Assessment and proviewing evidence
  • Creating, converting previous and saving a case
  • Creating and managing investigators profiles
  • Understanding the evidence processor

{tab Day 2}

Forensic Explorer Interface

  • Module data interpretation
  • Customizing layouts
  • Process Logging and prioritizing
  • Date and time verification
  • Digital forensics date and time analysis
  • FAT, HFS, CDFS file system date and time
  • NTFS, HFS+ file system date and time
  • Date and time information in the Windows registry

Case Investigation and Analysis

  • Module Structure and Overviews
  • Folder Tree Structure
  • Categories Filters
  • Data Views
  • - File List
  • - Gallery
  • - Disk Views
  • - Category Graph
  • File Views
  • - Hex and Text
  • - Bookmarks
  • - Byte Plot and Character Distribution
  • - Display - (a native interpretation)
  • - File system Record
  • - Metadata
  • - File Extent
  • - Property Viewer (Email Module)

Data Management

  • Filters
  • Data and file view internal searching

Keyword Indexing and Searching

  • Keyword Search - Management
  • - Text
  • - Hexadecimal
  • - Regular Expressions (PCRE)
  • dtSearch analysis and searching techniques

Bookmarking - Investigators Notes and Observations

  • Relationship between bookmarks and report
  • Manual and automated bookmarking
  • Modification of bookmarks

Hash Analysis

  • Hash Values
  • Hash Algorithms
  • Hash Sets
  • Creating Hash Sets

Signature Analysis and File Carving

  • File Signature Analysis
  • Signature / File header and footer identification
  • File algorithm analysis

{tab Day 3}

Email Module

  • Microsoft Outlook .PST email analysis
  • Identifying and analysis of email attachments

Registry Module

  • Automated Registry Analysis
  • Deleted Registry Keys

Introduction to FEX Scripting Functionality

  • Script functionality behind the FEX Interface
  • Using automated scripts

Report Management

  • Creating Manual Reports
  • Creating Templates
  • Saving and Exporting Templates
  • Exporting Reports

Examining Shadow Copy

  • Shadow Copy identification
  • Shadow Copy file carving
  • Shadow Copy forensic analysis

Live Boot / Mount Image Pro / Virtual Machine

  • Running Live Boot to show a virtual environment of subject evidence
  • Password bypass/recovery of user accounts
  • Recreating historic restore points

Final Hands-on Practical

  • Practical assessment covering all aspects of the previous day's activities
  • Award "FEX Examiner Certification" on successful completion

{/tabs}

Upcoming Courses

There are no up-coming courses