DF410 - NTFS Examinations with EnCase

Course Overview

This hands-on course provides technical information about the NT File System (NTFS), its role within the Microsoft® Windows operating system, and other related topics, such as Windows device management and the Windows boot process. The class addresses the on-disk structure of NTFS, including an in-depth analysis of the Master File Table ($MFT), its records, and the MFT record attributes contained within those records. Detailed information is provided with regards to deleted NTFS file/folder recovery and a significant practical exercise demonstrates how sector-level recovery is made possible using advanced knowledge of NTFS. Additional information is provided with regards to the manipulation of alternate data streams as well as the way in which reparse points act as mount-points for volumes, folders, and external data. The value and structure of Update Sequence Number (USN) change-log data is discussed following which detailed information is provided with regards to the structure of NTFS indexes (folders) and how the index records relating to deleted files and folders may be located and parsed.

Prerequisites

Advance preparation for this course is not required. DF210 - Building an Investigation with EnCase or EnCE Certification.

Audience Profile

This course is intended for law enforcement officers, corporate & private investigators, computer forensic examiners, & network security personnel. A fundamental understanding of the concepts of computer forensics & is needed. The class curriculum builds upon the instruction included in the DF210-Building an Investigation course, continuing with a focus on NTFS and advanced Windows examinations.

Learning Objective

Refer course overview

Content Outline

The course provides in-depth coverage on artifacts, including:
●    The Common Log File System (CLFS)
●    Windows device management, device drivers, system services, and device configuration
●    Use of the Windows Data Protection API (DPAPI) to store removable disk passwords in the user’s Registry
●    The Windows BIOS/UEFI boot process and Boot Configuration Database (BCD)
●    The NTFS volume boot record and other metadata files
●    The structure of the Master File Table ($MFT), $MFT records, and $MFT record attributes
●    Sector-level recovery of a fragmented file from an overwritten NTFS volume
●    Alternate data streams
●    Reparse points
●    The Update Sequence Number (USN) change-log journal
●    NTFS directories (filename indexes), index entries and index buffers
●    Link files, object IDs, and the Link Tracking Service (LTS)
●    NTFS compression
●    Windows user accounts, security groups, and security descriptors
 

FAQs

A: To attend the training session, learners should have operational Desktops or Laptops with the needed specifications and a decent internet connection to access labs.

 A: We would always suggest you attend the live session to practice & clarify the doubts instantly & get more value from your investment. However, due to some contingency, if you have to skip the class, Radiant Techlearning will help you with the recorded session of that specific day. However, those recorded sessions are meant only for personal consumption & NOT for distribution or commercial use.

 A: Radiant Techlearning has a data center with a Virtual Training environment for the learners.

Participants can easily access these labs over Cloud with the help of a remote desktop connection.

Radiant virtual labs allow you to learn from anywhere, globally, and in any time zone.

 A: The individuals will be enthralled as we engage them in real-world & industry Oriented projects during the training program. These projects will enhance your skills and knowledge & you will gain a better experience. These real-time projects will assist you a lot in your future tasks & assignments.

 A: Radiant Telelearning offers customized solutions and training programs for individuals, teams & businesses depending on their needs. Here is how we assist each one through our diverse formats.

Individuals / One-O-One Training

●      Focused learning sessions
●      Programmed scheduling according to your choice
●      Get personalized attention
 
Opt what technology interests you
●     Teams- Enroll for our Online public or Classroom batches
●     Get our specialized updated content for various skill levels
●     Get on-demand learning & solve problems quickly
●     Get assistance from the ground level through sequential learning 

Enterprise:
●     Get customized training programmed and solutions that can be curated for your business
●     Meet the requirements of all learners
●     Let your workforce be geared up for all kinds of problem-solving
●     Inspire your teams for future
●     Update your workforce with the latest information from technology and business leadership to marketing.
 

A: Radiant Telelearning has a large pool of in-house certified trainers & consultants with solid backgrounds and working experience in the technology.

Radiant Telelearning offers more than 800+ courses & for each course, Radiant has identified ideal-in-class instructors.

Radiant has highly intensive selection criteria for Technology Trainers & Consultants who provide you with training programs. Our trainers & consultants undergo a rigorous technical & behavioral interview & assessment process before they are boarded in our company.

Our Technology experts/trainers & consultants carry a deep-dive understanding of the technical subject & are certified by the OEM. Our faculty will deliver you the knowledge of each course from the basic level in an easy way & you are free to ask your doubts any time from your respective faculty.

Our trainers have the patience & ability to explain complex concepts in a simplistic way with depth & width of knowledge.

 

A: Radiant believes in a practical & creative approach to training & development, distinguishing it from other training & development platforms. Moreover, training courses are undertaken by experts with a wide range of experience in their domain

 

Send a Message.


  • Enroll