Course archive
The courses below were all published in 2015 or earlier. While we stand by pubishing them then, we've grown so much since. We recognize that these workshops don't exactly meet our standards, as we understand them today.
All classes are available within our premium membership, and have adjusted CPE awards to reflect their respective contents. If you join, please keep in mind that some of the information inside might be outdated or not relevant. We'll be adding notes at the beginning of each course to let you know what's worth checking out in each!
The access to this course is restricted to eForensics Premium or IT Pack Premium Subscription
18 CPE credits, Self-paced
You will learn ...
- How to create images of hard drives
- Adding evidence Items
- How to preview files and folders on the hard drive
- Removing Evidence
- Acquiring Protected files
- Encrypted Images
- Creating hashes using hash functions (MD5) and (SHA-1)
- Create a hash report to prove integrity of evidence
SYLLABUS
Stage 1: Installing the Forensic Toolkit
- System Requirements
- Supported File Systems and Image Formats
- System Preparation
- Basic Installation
- Basic Install from CD
- Basic Install from Downloadable Files
- articles
- workshops tutorials/videos
- practical tasks
- exam at the end
Stage 2: FTK Overview
- Acquiring and Preserving the Evidence
- Analyzing the Evidence
- Hashing
- Known File Filter
- Searching
- Presenting the Evidence
- articles
- workshops tutorials/videos
- practical tasks
- exam at the end
Stage 3: Preparing the Evidence Disk
- Adding Evidence
- Completing the Add Evidence Form
- Selecting Evidence Processes
- Managing Evidence
- Refining the Index
- Reviewing Evidence Setup
- Processing the Evidence.
- articles
- workshops tutorials/videos
- practical tasks
- exam at the end
Stage 4: Acquiring a Disk ImageImaging a live system
- Decide if you are going to image a physical or logical disk
- The advantages of acquiring a physical disk
- Acquiring a logical drive
- Mount your evidence drive on the suspect system
- articles
- workshops tutorials/videos
- practical tasks
- exam at the end
Stage 5: Analyzing the Evidence
- Hashing
- Known File Filter
- Searching
- articles
- workshops tutorials/videos
- practical tasks
- exam at the end
Stage 6: Creating a Report
- “Starting a Case”
- “Entering Forensic Examiner Information”
- “Completing the New Case Form”
- “Selecting Case Log Options”
- “Selecting Evidence Processes”
- “Refining the Case”
- “Refining the Index”
- “Managing Evidence”
- “Reviewing Case Summary”
- “Processing the Evidence”
- articles
- workshops tutorials/videos
- practical tasks
- exam at the end
Contact:
If you have any questions, please contact us at [email protected].
Basic
Its a bit basic and is essentially a guide to using ftk the most useful part is teaching you how to get windows registry hives
Short but straightforward tutorial on an important piece of software! I’ve been using FTK Imager for years and I learned a few new tricks.