Computer Forensics and Data Analysis
Software Training Services  
      Search:
Featuring

Home
What's New
Software

Training
Services
Reference

About Us
FAQs
Articles
Resources

Our Company

Legal Notices
Contact Us

Quick Help

Order: online
Order: online (secure)
How to Order
e-mail us

Advanced Computer Forensic Training
Seminar Outline
Advanced Forensic Course Information

The Advanced Computer Forensic Training seminar is designed as a followup to the Maresware basic forensic training. It is recommended for those who have a basic understanding of the forensic process and of Microsoft operating systems.

The seminar includes a significant amount of technical and hands on work to allow the students time to develop expertise and understanding of the individual processes and techniques.

Mastery of this material will also provide more thorough understanding of automated integrated software packages. This enhances the examiners ability to: properly select software for each task; explain/defend his procedures and finding; and extend his capabilities beyond any constraints inherent in a particular software package.

Minimum Prerequisites: The basic Maresware forensic class (or equivalent) along with a basic knowledge of computers, DOS commands and the ability to efficiently use the keyboard to maneuver through the file system.

DAY ONE

Course Overview
Legal: Review of administrative and legal topics
Hardware: Review of basic technical topics
File name: Proper naming conventions for files and directories
Physical access: EXT INT13 and LBA
HD Practical: Practical using programs to work around hard drives
Batch files: Writing intelligent batch files

DAY TWO

File dates/times: Windows dates and times
LFN: Windows long file names
32 Bit Fat: Maneuvering through the FAT
Imaging Drives: Techniques and problems
Erasing and Recovering files: Manually erasing/recovering files
Processing: Designing a sound process
Sectors and clusters: How sectors and clusters relate to forensics
Software validation: Designing a validation process

DAY THREE

Software validation: Validating a program operation
Evidence Disks: Preparing the evidence boot and work disk
Record system information: Capturing system information
Hash Physical drive: Drive CRC/Hash
File hashing: Hashing and cataloging files

DAY FOUR

Create forensic diskette: Practical experience creating proper forensic boot disks and process disks
Wiping drives: Wiping the work drive
Imaging and Restoring Drives: Practice imaging and restoring drives
Process restored drive: Perform entire initial process
Key Word Searching: Key word searching and learning to develop meaningful keyword lists
Win9X: Evidence locations

DAY FIVE

NTFS ADS: Identifying and managing alternate data streams
Final Practical: Process a seized disk image

Top

Home  |  Whats New  |  Howto Order  |  Training  |  Services  |
About Us  |  FAQ's  |  Articles  |  Resources  |  Legal Notices  |  Contact Us  |
Files A-C  |  Files D-F  |  Files G-K  |  Files L-O  |  Files P-S  |  Files T-Z  |
 |  SoftwareData Analysis Software  |  Forensic Processing Software  |  Linux Processing Software  |
Complete helpfile.zip  | Complete pdf_s.zip  | Complete 16 bit software.zip  | Complete 32 bit software.zip  |
 
copyright © 1998-2003 by Mares and Company, LLC