EnCase Field Intelligence Model, Live Forensics Investigations

This hands-on course is designed for investigators with significant computer skills who want to expand their knowledge of examining live computers, networks, and servers. The class combines forensic examinations with live response in a network environment. Students learn to use the EnCase® Field Intelligence Model (FIM) software to examine a variety of live machines and obtain evidence that may exist or be interpreted only while the target computer is running. Students will also learn how to deploy the FIM and conduct a forensic examination of a remote computer on the Internet. Delivery method: Group-Live. NASBA defined level: basic to intermediate.

This course is intended for law enforcement officers, computer forensic examiners, corporate and private investigators, network security personnel, and Probation/Parole Officers authorized for home monitoring of Probationers and Parolees. A basic understanding of the concepts of computer forensics, networking fundamentals and the Internet is helpful. The class curriculum builds upon the foundation of the EnCase Computer Forensics I and II courses, with a focus on live network communication examinations.

• Understanding the fundamental operations of the FIM
• Introduction to cryptology
• Installing FIM and the Secure Authentication for EnCase
• Understanding TCP/IP protocols
• FIM real-world scenarios
• Configuring networks
• Administering the SAFE
• Installation and advanced servlet pushing technologies: how to deploy the FIM on servers and networks
• Troubleshooting a FIM deployment
• FIM previews and acquisitions
• Software and hardware RAIDs
• Using the FIM Snapshot—identifying open ports, open files, processes and device logons on a live machine
• Understanding port numbers and open ports