DF210- Building An Investigation With EnCase Forensic


Date: 21 March 2017 – 24 March 2017
Time: 9:00am to 6pm
Venue: Deloitte Training Room 3 at level 20

Day 1

Day one starts with an overview of the EnCase Forensic version 8 environment. The students then learn how to collect encrypted information by examining files encrypted with Windows BitLocker. Attendees go on to study the Master Boot Record partitioning model and deleted partition recovery. Instruction continues with an examination of compound files. Their structures are explored and issues surrounding their examination are discussed. Students move on to explore a very important type of compound file structure, the Windows Registry hive file. They explore mounting and examining these files and learn the relationship of the hive files to the structure of the Registry in its on-line state. Students then progress to examining the time zone information contained within the Registry, its importance to their case, and how they apply it in EnCase Forensic. The students are provided intermediate-level instruction regarding the methods for creating conditions to filter data. Next the students are provided with an overview of the Evidence Processor and the processing of the Malone case, which will be used throughout the rest of the course.

The main areas covered on day one include:

Review of EnCase Forensic case creation and adding evidence
Examining data encrypted with BitLocker
Understanding the Master Boot Record partitioning scheme
Principles of attempting to recover data lost through the partitioning process
Partition recovery
Compound files
  –– Mounting and searching compound files
  –– Documenting data contained within these compound files
  –– Pitfalls of not examining compound files properly
Windows Registry
  –– Elements of the Registry
  –– Registry keys (folders) and values
  –– Registry value types
Locating and mounting the Registry hive files
Examination of time zone settings with the Registry
Applying time zones within EnCase Forensic
Using conditions to filter data
Evidence Processor overview

Day 2

Day two begins with instruction on the FAT, ExFAT, and NT file systems, and then the students will participate in a practical exercise on examining all three file systems and their differences. The course continues with the use of the GREP operator functionality of EnCase Forensic to perform advanced searches. Single-file functionality as well as the value of logical evidence files are explored. A practical exercise and review follow with the processing of our second case, which concludes the instruction for the day.

The main areas covered on day two include:

FAT, ExFAT, and NT File Systems
Using the GREP operators within EnCase Forensic to construct advanced search terms
Suitability of GREP, proper syntax, and potential results
Single files and logical evidence files

Day 3

Day three focuses upon specific analysis of common artifacts that often provide vital information to investigations. These specific areas reveal data that can provide a clearer indication of user activities. Students will explore the methods that EnCase Forensic offers to provide detailed information to the examiner. The final lesson for day three is focused on identifying, locating, and recovering email messages and attachments.

The main areas covered on day three include:

Advanced search techniques
Windows artifacts
  –– User account information and associated data
  –– System folders and files of interest
  –– Thumbnail cache files
  –– Windows 7 specific artifacts
  –– Folder structure and the effect of junctions (folder mount-points)
  –– User/administrator privileges and impact on storage of data
  –– Links and Library folder content
  –– System files
Shortcut or link files
  –– Deconstructing link files to reveal internal structures related to their target files
  –– Using link files to help determine drive letter assignment
The Windows Recycle Bin
  –– Linking Recycle Bin data to the associated user
  –– Registry entries controlling operation of the Recycle Bin
  –– Examination of the Recycle Bin, its properties, and function
  –– Exploring the way the Recycle Bin is implemented under
Print spooler recovery
  –– Understanding the printing process and associated files
  –– Recovery of SPL and SHD files as well as understanding and extracting the graphics and metadata they contain
Email and Internet history
  –– Examining both client-based and web-based email and methods available within EnCase Forensic to locate and parse email data stores
  –– Recovering and analyzing email attachments

Day 4

Day four begins with instruction on examining various Internet artifacts and moves on to how data located on removable USB devices can be examined and recovered. The students then will participate in a practical exercise focusing on these skills. The week of instruction concludes with a final practical that provides the student with a hands-on review of all the tuition dispensed during the course.

The main areas covered on day four include:

Internet artifacts
Removable USB device identification

Trainer profiles

Pravin Pandey
Associate Director Forensic SEA

Pravin Pandey is an experienced digital forensics examiner and eDiscovery consultant with 7 years of experience in the field. He has worked on numerous cases across the region and collected and analysed evidence from multiple devices such as laptops, desktops, servers, NAS, mobile devices and cloud-based storage.

He has acted for clients across the APAC region on a variety of matters such as enforcement of intellectual property rights, investigation of financial irregularities, theft of confidential data, criminal breach of trust and cybercrime.

He has project managed the collection, preservation and processing of data in forensic and eDiscovery matters for a range of local and overseas litigation, arbitration and regulatory matters. He was lead consultant in these projects and provided invaluable advice which enabled the clients to streamline their document review and respond to discovery requests in a timely and cost-effective manner.

Pravin also actively works on cybersecurity projects involving financial institutions and hospitals.

He has been published and quoted in Lianhe Zaobao on internet artifacts and has presented at several conferences on forensics, eDiscovery and cybersecurity issues.

He is also a founding member of the HTCIA (High Technology Crime Investigation Association) Singapore Chapter.

Pravin is an EnCase Certified Examiner.

Alan Dang – Trainer

Alan Dang has over 4 years of digital forensic experience in serving organizations, from a wide range of industries, in conducting and managing complex digital forensic investigations.

Alan has been instructing and proctoring classes since 2013 and was part of the team which won the Guidance Software ATP Shining Star Award the same year. He has a sound knowledge of several versions of EnCase and computer forensic methodology in general. He has an in-depth knowledge of EnCase versions 6, 7 and 8.

Alan has been involved in training more than 100 students. He is able to share with his students theoretical and practical knowledge gained from years of conducting investigations, and he is adept at explaining practical issues and how students can overcome daily challenges.

Alan has also demonstrated EnCase Enterprise and Forensic, as well as other forensic software, to organizations who are keen to explore more about digital forensic technologies for their infrastructure.

Since last year, Alan has been a lead trainer for EnCase. He is qualified to teach the forensic series of classes.

Alan is an EnCase Certified Examiner (EnCE), GIAC Certified Forensic Analyst (GCFA), GIAC Certified Forensic Examiner (GCFE), and AccessData Certified Examiner (ACE).

Alan has a Bachelor of Computer Science from University of Wollongong, with Digital Systems Security as his major. Alan is a member of High Technology Crime Investigation Association (HTCIA), an organization with the stated aims to educate and collaborate with global members for the prevention and investigation of high tech crimes.

Llewelyn Fun – Trainer

Llewelyn Fun has been involved in computer forensic investigations and EnCase training since 2015.

In his role as consultant, he has been involved in many cases of various complexities and has dealt with a wide range of digital media. He is experienced in different types of imaging and analysis methods as well as different forensic processes.

He performed forensic engagements in the region including the collection of forensic images for an international arbitration case involving 3 countries and over 40 custodians.

He is also part of the SPF framework of approved forensic examiners for consulting on various criminal cases and has acted on Anton Piller Order (APO) of various magnitudes.

He has been involved in classroom delivery of EnCase training courses and has managed the training classroom setup for many classes.

He has attained the EnCase Certified Examiner (EnCE) qualification and is a member of the High Technology Crime Investigation Association.

He has also attended SANS training and is a GIAC Certified Forensic Examiner (GCFE).

From EC-Council, he has attained the Certified Ethical Hacker (CEH), EC-Council Certified Security Analyst (ECSA) and Computer Hacking Forensic Investigator (CHFI).

Llewelyn has previously attended Queensland University of Technology and has a Bachelor’s in Information Technology specializing in Information security and forensics.

Registration

Fees per student
SGD 4,000 (price includes training materials and tea break).
Registration for more than 5 students will receive 5% discount per student.

Registration
(Closing Date: Two weeks before commencing date)
Please register the student name for EnCase Digital Forensic DF210.

Course Enquiry
Please contact Mr. Alan Dang
Tel: 6800 2293
Email: aldang@deloitte.com

Payment
Crossed cheques are to be made payable to “Deloitte & Touche Financial Advisory Services Pte Ltd” and mailed to:
Deloitte & Touche Financial Advisory Services Pte Ltd
6 Shenton Way, OUE Downtown Two,
#33-00 Singapore 068809
Attention: Rokiah Mohamed (FAS – Discovery)

Registration form fields: Organisation Name, No. of Student, Contact, Email, Tel, Remarks

Note:
1. Registration will be confirmed upon receipt of Purchase Order/payment.
2. We regret that fees will not be refunded. Replacement with substitute attendees is permissible by writing to us two weeks before the commencement date.
3. We reserve the right to make any amendments, cancel and/or change the programme, venue, trainer replacements and/or topics if warranted by circumstances beyond our control.
4. All fees are exclusive of 7% GST.

Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee (“DTTL”), its network of member firms, and their related entities. DTTL and each of its member firms are legally separate and independent entities. DTTL (also referred to as “Deloitte Global”) does not provide services to clients. Please see www.deloitte.com/my/about to learn more about our global network of member firms.

Deloitte provides audit, consulting, financial advisory, risk advisory, tax and related services to public and private clients spanning multiple industries. Deloitte serves four out of five Fortune Global 500 companies through a globally connected network of member firms in more than 150 countries and territories bringing world-class capabilities, insights, and high-quality service to address clients’ most complex business challenges. To learn more about how Deloitte’s approximately 245,000 professionals make an impact that matters, please connect with us on Facebook, LinkedIn, or Twitter.

About Deloitte Southeast Asia
Deloitte Southeast Asia Ltd – a member firm of Deloitte Touche Tohmatsu Limited comprising Deloitte practices operating in Brunei, Cambodia, Guam, Indonesia, Lao PDR, Malaysia, Myanmar, Philippines, Singapore, Thailand and Vietnam – was established to deliver measurable value to the particular demands of increasingly intra-regional and fast growing companies and enterprises.

Comprising 290 partners and over 7,400 professionals in 25 office locations, the subsidiaries and affiliates of Deloitte Southeast Asia Ltd combine their technical expertise and deep industry knowledge to deliver consistent high quality services to companies in the region.

All services are provided through the individual country practices, their subsidiaries and affiliates which are separate and independent legal entities.

About Deloitte Singapore
In Singapore, services are provided by Deloitte & Touche LLP and its subsidiaries and affiliates.

© 2016 Deloitte & Touche LLP

© 2016 Guidance Software, Inc. All Rights Reserved. EnCase, EnScript, FastBloc, EnCE, EnCEP, Guidance Software, LinkedReview, EnPoint and Tableau are registered trademarks or trademarks owned by Guidance Software in the United States and other jurisdictions and may not be used without prior written permission. All other trademarks and copyrights referenced in this press release are the property of their respective owners.
