AccessData Forensics


AccessData Advanced Bootcamp

The AccessData® Technology class provides the knowledge and skills necessary to install, configure and effectively use Forensic Toolkit® (FTK™), FTK Imager™, Password Recovery Toolkit™ (PRTK™), and Registry Viewer™.

Participants will also use AccessData products to conduct forensic investigations on Microsoft® Windows® systems, learning where and how to locate Windows system artifacts.

During this five-day, hands-on class, students will perform the following tasks:

• Install and configure FTK and its components, FTK Imager, PRTK and its components, and Registry Viewer.

• Use FTK Imager to preview evidence, export evidence files, create forensic images and convert existing images.

• Create and add evidence to a case in FTK.

• Use FTK to process and analyse documents, metadata, graphics and e-mail.

• Use bookmarks and check marks to efficiently manage and process case data.

• Update and customise the KFF database.

• Conduct Live, Indexed, Internet Keyword and Regular Expression searches in FTK.

• Import search lists for Indexed searches in FTK.

• Create reports that include exported files, custom logos and external information such as hash lists, search results, or PRTK password lists.

• Use custom dictionaries and dictionary profiles to recover passwords in PRTK.

• Use the FTK Data Carving feature to recover BMP, GIF, JPEG, EMF, PDF, HTML and Microsoft Office documents.

• Utilise the index in FTK to create custom dictionaries for PRTK.

• Create regular expressions.

• Use Registry Viewer to locate evidentiary information in Windows 9x, 2K and XP registry files.

• Use PRTK to recover user logon passwords from the Windows SAM file and decrypt files with extended ASCII passwords.

• Integrate Registry Viewer with FTK.

• Use FTK and PRTK to recover EFS encrypted files on Windows 2000 and XP systems, including Windows XP SP1 and higher.

• Recover forensic information from Recycle Bin INFO2 files.

• Recover forensic information from Windows link files.

• Use PRTK to recover passwords from Microsoft Office documents, decrypt them, and display them in an FTK report in a decrypted format.

The class includes hands-on labs that allow participants to apply what they have learned to a mock case. These performance-based simulations are designed to help participants retain information learned during the training.   

There are no currently scheduled classes for this course.

Please call on 01296 621121 or email jackie@dataduplication.co.uk to make a reservation.

PDF for Forensic syllabus