FORENSICS 408 - Day 2
Focus: Moving quickly from evidence acquisition, you will begin your investigation using cutting-edge tools that the pros use. Host, server, and webmail forensics the investigator will learn how to recover and analyze the most popular form of communication.
The day will begin with the analysis of electronic evidence using commercial and freely available toolkits packaged into the Windows SIFT Workstation. You will learn how to recover deleted data from the evidence, perform string searches against it using a word list, and begin to piece together the events that shaped the case. Today's course is critical to anyone performing digital forensics to learn the most up-to-date techniques of acquiring and analyzing digital evidence.
Email Forensics: Investigations involving email occur every day. However, email examinations require the investigator to pull data locally, from an email server, or even recover web-based email fragments from temporary files left by a web browser. Email has become critical in a case and the investigator will learn the critical steps needed to investigate Outlook, Exchange, Webmail, and even Lotus Notes email cases.
This course is very hands-on. Each investigator will acquire a disk image and begin analysis on a case that will utilize the skills presented throughout the day. This course is necessary for anyone looking to put to practice the skills they are learning daily.