AccessData BootCamp
This course provides students with the
knowledge and skills necessary to install, configure, and
effectively use the combined abilities of AccessData’s Forensic
Toolkit (FTK) and Password Recovery Toolkit (PRTK) to locate and
examine e-mail messages, deleted files, free space and file slack.
Additionally, students will learn how to search for and export
graphic files, as well as export and gain access to encrypted files
from multiple industry standard applications. Documenting digital
media information and working with multiple forensic image formats
are also explored.
The hands-on intensive course is intended for Forensic
Investigators, Law Enforcement Personnel and Security and Network
Administrators who are responsible for creating cases that examine,
analyze, and classify digital evidence.
Accessdata Bootcamp Schedule
Windows Forensics
This course provides students with the knowledge and skills
necessary to conduct an effective Windows-based investigation.
Attendees should already be conducting computer-based investigations
and be familiar with the AccessData suite of tools.
In addition to using advanced search and filtering techniques,
students will use the Ultimate Toolkit (with the new Registry
Viewer) to address the following Windows artifacts:
The Recycled / Recycler Bin --- (deleted files, place-holders and INFO2 databases)
File Meta Data and OLE Items --- (dates and times and file summary data)
Print Spools and Remnants --- (print jobs and temp files that remain behind)
Unallocated Data Carving --- (recovering files from unallocated and embedded space)
Windows Log & Link Files --- (other system device access / login records)
Registry File Data - Using the new Registry Viewer - specifically:
NTUSER.DAT / SYSTEM files --- (protected storage data / user info)
SAM / SOFTWARE / SECURITY / SYSTEM --- (machine time bias / USER-SID / login)
Students will also learn how to gain access to files that have been
encrypted with the Microsoft Encrypted File System (EFS) component,
parse thumbnail lists from Windows and other popular applications,
and more.
The advanced hands-on intensive course is intended for Forensic
Investigators, Law Enforcement Personnel and security and network
administrators who want a greater understanding of the Windows
registry and various other operating system artefacts as they relate
to computer forensic investigations.
Windows forensics Schedule
Internet Forensics
This course focuses on the following Internet applications and
their evidentiary considerations:
America Online
AOL Client Picture Viewer – deleted thumbnail picture recovery
User History, Bookmarks, Auto-Complete and Connectivity Information
Buddy Lists – Differences between “blocked” and “allow” users
Evidentiary Preferences
Application and User generated log files
AOL Offline Personal Filing Cabinet
Windows Profile Discovery
Files that make up the Registry
Multiple Profile File Structure
The Registry – based on who logs in – as it applies to Messengers
AOL Instant Messenger – MSN Messenger – YAHOO Messenger
User Contact lists
Instant Message Recovery
Server Acquired Times
File Transfer and Sharing Preferences
Chat Room Information and Logs
Multiple Messenger Profiles and Alias
Client Login Password Recovery
Web-Based Chat & Mail Recovery
Internet forensics Schedule