Date/Time

Date(s) - Tue, Aug 14, 2018 - Fri, Aug 17, 2018
All Day

Location

NOVA-DC ICAC

FORENSIC EXPLORER CERTIFICATION TRAINING COURSE

(4-DAY – 32 Hours)  Costs:  $3,295.00

REGISTER FOR THIS COURSE

Forensic Explorer (FEX) is a specialized software tool engineered for the preservation, analysis and presentation of electronic evidence. Primary users of this software are law enforcement, government, military and corporate investigation agencies. This one-day training course has been developed to educate all levels of digital forensic investigators on how to best utilize FEX Imager in conjunction with FEX to triage and acquire digital evidence. Participants will perform practical hands on assessment and theory test throughout the training. At the conclusion and successful completion of the course, participants will be awarded the Forensic Explorer Triage and Acquisition Certification. This class is traditional a one day add-on leading into the FEXCE certified three-day training.

Forensic Explorer (FEX) is a specialized software tool engineered for the preservation, analysis and presentation of electronic evidence. Primary users of this software are law enforcement, government, military and corporate investigation agencies. This three day certified training course has been developed to educate all levels of digital forensic investigators how to best utilize FEX.

Upon the course completion participants will be awarded the Forensic Explorer Examiner Certificate.

DAY ONE:

• Forensic Explorer Welcome and Introduction
  • Key program features
  • Installation
  • Forensic analysis work station – system settings and configuration
  • Case management
  • Dongle activation and update management
  • Advanced Wibu key and network configuration
  • Maintenance FEX License and Wibu key
• Forensic Acquisition
  • Write blocking vs Write protection
  • Integration with Imaging Hardware and Software
  • Recognition of Physical Storage Media (Internal Live v External Portable)
  • Physical v Logical Imaging
  • GetData Forensic Imager Overview
  • Acquisition Interface
  • Acquisition Audit Trial
  • Validating GetData Forensic Imager
• Forensic Explorer Interface – Logical Acquisition
  • Introduction, Navigation and Overview of FEX
  • Evidence Module
  • Preview and Adding Device or Image
  • Network Analysis
  • Processing Options
  • File System Module
  • Creating a Logical Image File
  • Validating an Evidence File

Forensic Explorer (FEX) is a specialized software tool engineered for the preservation, analysis and presentation of electronic evidence. Primary users of this software are law enforcement, government, military and corporate investigation agencies. This three-day certified training course has been developed to educate all levels of digital forensic investigators on how to best utilize FEX. Participants will perform practical hands on assessment and theory test throughout the training. At the conclusion and successful completion of the course, participants will be awarded the Forensic Explorer Certified Examiner, (FEXCE).

DAY TWO:

• Forensic Explorer Overview and Introduction
• Key program features
  • Installation
  • Forensic analysis work station – system settings and configuration
  • Case management
  • Dongle activation and update management
  • Advanced Wibu key and network configuration
  • Maintenance FEX License and Wibu key
• Creating a Digital Case
  • Adding and removing evidence within FEX
  • Assessment and previewing evidence
  • Creating, converting previews and saving a case
  • Creating and managing investigators profiles
  • Understanding the evidence processor
• Forensic Explorer Interface
  • Module data interpretation
  • Customizing layouts
  • Process logging and prioritizing
  • Date and time verification
  • Digital forensics date and time analysis
  • FAT, HFS, CDFS file system date and time
  • NTFS, HFS+ file system date and time
  • Date and time information in the Windows registry

DAY THREE:

• Case Investigation and Analysis
  • Module structure and overviews
  • Folder tree structure
  • Categories filters
  • Data Views
    • File lists
    • Gallery
    • Disk views
    • Category graph
  • File Views
    • Hex and text
    • Bookmark
    • Byte plot and character distribution
    • Display– (Native interpretation)
    • File system record
    • Metadata
    • File extent
    • Property viewer (Email Module)
• Data Management
  • Filters
  • Data and file view internal searching
• Keyword and Index Searching
  • Keyword Search – Management
    • Text
    • Hexadecimal
    • Regular Expressions (PCRE)
  • dtSearch analysis and searching techniques
• Bookmarking – Investigators Notes and Observations
  • Relationship between bookmarks and report
  • Manual and automated bookmarking
  • Modification of bookmarks
• Hash Analysis
  • Hash values
  • Hash algorithms
  • Hash sets
  • Creating hash sets
• Signature Analysis and File Carving
  • File signature analysis
  • Signature/File header and foot identification
  • File algorithm analysis

DAY FOUR:

• Email Module
  • Microsoft Outlook .PST email analysis
  • Identifying and analysis of email attachments
• Registry Module
  • Automated registry analysis
  • Deleted registry keys
• Introduction to FEX Scripting Functionality
  • Script functionality behind the FEX Interface
  • Using automated scripts
• Report Management
  • Creating manual reports
  • Creating templates
  • Saving and exporting templates
  • Exporting reports
• Examining Shadow Copy
  • Shadow copy identification
  • Shadow copy file carving
  • Shadow copy forensic analysis
• Live Boot / Mount Image Pro / Virtual Machine
  • Running Live Boot to show a virtual environment of subject evidence
  • Password bypassrecovery of user accounts
  • Recreating historic restore points
• Final Hands on Practical
  • Practical assessment covering all aspects of the previous day’s activities
  • Award ‘FEX Examiner Certification” on successful completion

 

REGISTER FOR THIS COURSE