Information Recovery Intelligence Solutions
(312) 529-7790

Our Training

Computer Forensics I training – Dulles, VA

  • What constitutes digital evidence and how computers work
  • An overview of the EnCase Computer Forensic Methodology
  • Acquisition of a hard disk, mobile device, thumb drive or SanDisk (microSD and microSDHC).
  • Acquisition using a forensically sound Linux operating system, drive to drive and network crossover.
  • NT/FAT File Systems. How these file systems track data on their respective volumes as well as what occurs when a file is created or deleted.
  • How to create a case and how to preview/acquire media
  • How to conduct basic keyword searches
  • How to analyze file signatures and view files
  • How to restore evidence
  • How to archive files and data created through the analysis process
  • How to prepare evidence for presentation in court
  • How to verify the evidence file
  • Signature analysis, an automated comparison of the displayed file extension with the actual content of the file.
  • Hash Analysis, using unique values calculated based on file logical content to identify files.
  • Reporting, using and creating report templates
  • Verification of evidence files to demonstrate validity. Validating that hash and CRC values used in the evidence file verification are accurate.

Computer Forensics II training – Chicago, IL

  • How to locate and recover deleted partitions.
  • How to deal with compound file types.
  • Windows® Registry.
  • How to determine time zone offsets and properly adjust case settings.
  • NT file system.
  • Evidence Processors.
  • How to recover deleted folders and conduct an index search.
  • The differences between single and logical evidence files and how to create and use logical evidence files
  • How to conduct keyword searches and advanced searches using GREP.
  • How to identify Windows 7 operating system artifacts, such as link files, Recycle Bin, and user folders.
  • How to examine email and Internet artifacts.
  • How to create and use conditions for effective searching
  • How to conduct a search for email and email attachments.
  • How to recover artifacts, such as swap files, file slack, and spooler files.
  • How to recover data from the Recycle Bin.
  • How to prepare reports and evidence for presentation in court.

Examinations of NTFS - Chicago, IL

  • Components of the NTFS Volume Boot Record and the Master File Table.
  • Definitions and purpose of NTFS internal system files.
  • Characteristics and storage of NTFS resident and non-resident attributes.
  • Storage of alternate data streams and reparse points.
  • Addressing NTFS user account information, encryption and file system security.
  • Resolving Windows® Vista operating system symbolic links.
  • Linking media to an NTFS volume.
  • Addressing technical issues associated with NTFS.
  • Advanced NTFS data recovery.

Advanced Computer Forensics - Chicago, IL

  • Advanced techniques for creating and using conditions.
  • Creating customized reports.
  • Examining smartphones and mobile devices.
  • The use of block-based file hash analysis for file recovery.
  • Hardware and software RAID technology, acquisition and examination.
  • Analysis and recovery of Microsoft Windows event log files.
  • Examination of the Microsoft Windows Registry.
  • Principles of encrypted data recovery.
  • Understanding and examining Windows BitLocker™ volumes.
  • The purpose and function of prefetch files and how to analyze them.
  • Various techniques for the examination of RAM.
  • How to use the Volume Shadow Copy Service (VSS)
  • Recovering data from Zip files and the latest version of Microsoft® Word documents.
  • Using Windows® Search to perform index searches.
  • Using Windows operating system artifacts to identify the use of removable USB devices.