Delivery method: Group-Live | NASBA defined level: basic to intermediate. | CPE Credits 32 | Training level Introductory to Intermediate. | Prerequisite None.

Course Description

This hands-on course focuses on the use of EnCase® Enterprise to conduct investigations in a live network environment as well as the administration and advanced use of EnCase® Enterprise. Students will learn how to use EnCase® Enterprise to address internal investigations, electronic discovery, and audits in a manner consistent with recognized standards as well as integrate EnCase® Enterprise with intrusion detection systems.

The students will learn about EnScript® programming for the creation and use of filters and conditions. The Snapshot function will be introduced and used throughout the course, giving the students a thorough familiarity with this key feature. The attendees will learn about preferred enterprise acquisition techniques and eDiscovery collection concepts. The students will use their new-found knowledge and skills to identify and decrypt encrypted files. The students will expand on their knowledge of the function of the EnCase® Enterprise servlet.

Students will learn how to install and configure Secure Authentication for EnCase® (SAFE)
Students will learn how data flows in the EnCase Enterprise environment. The built-in security features of the product will also be discussed
Students will learn about the administration of the SAFE, including the management of network nodes (clients) and Enterprise roles and users
Students will learn how to deploy servlets to supported operating systems (Windows®, *nix, Mac)
Students will learn enterprise-wide versus ad-hoc servlet deployment methods and benefits
Students will optimize network acquisitions in EnCase Enterprise version 6 security
Students will learn how Snapshot and the capture of volatile data can be used to gain a more complete picture of the status of a machine or machines during an incident investigation
Students will learn how using Snapshot with Application Descriptors and Machine Profiles can streamline incident investigations, quickly identifying potentially rogue applications on the network
Students will learn to understand the role of volatile data on network investigations and security
Students will learn to use EnCase® Snapshot to capture and analyze enterprise wide volatile data
Students will learn how to create and filters and conditions to streamline investigations of all kinds
Students will utilize EnCase Enterprise for compromise assessment and process analysis
Students will learn to automate the eDiscovery process using EnCase Enterprise
Students will understand how EnCase Enterprise can rapidly identify and retain data across the network using a set of criteria provided by the examiner
Students will learn the advanced use of the servlet and servlet deployment
Students will learn how to prepare evidence for presentation in court

It is highly recommended that students attend EnCase® Computer Forensics I and II or the five-day implementation training conducted by Guidance’s Professional Services Division. This live course is designed for senior corporate security professionals, auditors, legal professionals and investigators. Students should currently be working with EnCase® Enterprise or employed by an organization that plans to purchase EnCase Enterprise.

Who Should Attend

This course is intended for senior corporate security professionals, auditors, legal professionals, corporate and private investigators, and network security personnel. A basic understanding of the concepts of computer forensics is required. The class curriculum builds upon the foundation of the EnCase® Computer Forensics II, continuing with a focus on the use of EnCase® Enterprise for live, enterprise-wide investigations.

For more information, contact a BitSec training professional toll free at (877) 272-1417 or by email at training(at)bitsecforensics(dot)com