EnCase Enterprise Examinations

This course is intended for senior corporate security professionals, auditors, legal professionals, corporate and private investigators, and network security personnel. A basic understanding of the concepts of computer forensics is required. The class curriculum builds upon the foundation of the EnCase Computer Forensics II, continuing with a focus on the use of EnCase Enterprise for live, enterprise-wide investigations.

Students will learn about EnScript® programming for the creation and use of filters and conditions. The Snapshot function will be introduced and used throughout the course, giving the students a thorough familiarity with this key feature. The attendees will learn about preferred enterprise acquisition techniques and eDiscovery collection concepts. The students will use their new-found knowledge and skills to identify and decrypt encrypted files. The students will expand on their knowledge of the function of the EnCase Enterprise servlet.

• Students will learn how to install and configure Secure Authentication for EnCase (SAFE)
• Students will learn how data flows in the EnCase Enterprise environment. The built-in security features of the product will also be discussed
• Students will learn about the administration of the SAFE, including the management of network nodes (clients) and Enterprise roles and users
• Students will learn how to deploy servlets to supported operating systems (Windows, UNIX, Linux, Mac)
• Students will learn enterprise-wide versus ad-hoc servlet deployment methods and benefits
• Students will optimize network acquisitions in EnCase Enterprise security
• Students will learn how Snapshot and the capture of volatile data can be used to gain a more complete picture of the status of a machine or machines during an incident investigation
• Students will learn how using Snapshot with Application Descriptors and Machine Profiles can streamline incident investigations, quickly identifying potentially rogue applications on the network
• Students will learn to understand the role of volatile data on network investigations and security
• Students will learn to use EnCase Snapshot to capture and analyze enterprise wide volatile data
• Students will learn how to create and filters and conditions to streamline investigations of all kinds
• Students will utilize EnCase Enterprise for compromise assessment and process analysis
• Students will learn to automate the eDiscovery process using EnCase Enterprise
• Students will understand how EnCase Enterprise can rapidly identify and retain data across the network using a set of criteria provided by the examiner
• Students will learn the advanced use of the servlet and servlet deployment
• Students will learn how to prepare evidence for presentation in court