FT440, Data Recovery (DR)
Who Should Attend:
DOD and federal law enforcement agents who will be called upon to perform
forensic analysis of digital media.
Prerequisites:
TT110 (INCH), RT120 (CIRC), and FT210 (WFE-E) or applicable Test outs
Duration:
5 Days
Course Description:
Examines advanced digital forensic data recovery topics, tools,
and practices to recover information and aid investigations.
Students learn ways to defeat data hiding techniques such as
steganography, encryption, and passwords on protected systems.
Objectives:
- Demonstrate an understanding of advanced data recovery situations, and possible solutions, that may occur in a digital forensic environment
- Use data recovery tools and techniques to identify and recover information of investigative relevance from digital media
- Explain the ramifications of data hiding techniques, such as steganography, and determine the appropriate techniques to defeat them
- Defeat common encryption techniques using sound methodologies and understand their significance to forensic examinations
- Use advanced techniques to overcome password protected systems and files
- Recognize the types of CD and DVD media available and be able to recover information from them
Topics Covered
Introduction to Data Recovery
- Data Recovery Concepts and Research Techniques
Virtual Machines (VM)
- Introduction to VM and applications, VMware Player versus VMware Server
- Live View, its Interface and Imaging
- EnCase Physical Disk Emulator
Advanced Windows Forensic Analysis
- Advanced Windows and Registry Artifacts
- Vista, its Folder Structure and Bit Locker
Partitions / Partition Recovery
RAIDs
- Hardware and Software RAIDS, Rebuilding a RAID with EnCase
Data Hiding and Encryption
- Data Hiding and Wiping
- Encryption and Encryption Volumes