FT310, Advanced Deployable Forensics (ADEF)
Who Should Attend:
DOD and federal law enforcement personnel who will be deployed and are
required to analyze recovered digital media for mission relevant
intelligence and investigative information.
Prerequisites:
FT211 (DEF) or
TT110 (INCH) and RT120 (CIRC) and
FT210 (WFE-E) or FT215 (WFE-FTK) or
Test outs
Duration:
5 Days
Course Description:
Students learn advanced forensic techniques to quickly and accurately recover
time-sensitive and mission relevant information from digital media when
working in a hostile environment. Advanced techniques include advanced
keyword searching, rebuilding RAID, imaging of cell phones, GPS devices and
alternative portable devices.
Objectives:
- Use a variety of software forensic tools to acquire images of digital media.
- Use Helix to recover data from various digital media types
- Extract data from cellular phones, global positioning systems (GPS), and media players.
- Image and Recover Redundant Array of Inexpensive Disks (RAID) using hardware and software tools.
- Preview and image a variety of alternative storage devices and techniques
- Use advanced features of the EnCase forensic software tool to quickly and tactically recover data.
Topics Covered
- Recovering deleted partitions
- Registry analysis
- Advanced keyword searching techniques
- Rebuilding RAIDs
- Advanced Helix techniques
- Logical acquisitions
- Use of cross-over cables
- Use of software write blockers
- USB imaging techniques
- Advanced cell phone, GPS, and alternative devices exploitation