The “Road to CEIC 2013” is a series of blog posts on all things CEIC, before, during, and after, from an insider’s point of view.
For each release of EnCase®, I re-write the free EnCase Essentials course manual, a resource for getting started with EnCase® products. The past few weeks, I’ve had the opportunity to alpha and beta test the upcoming EnCase® Forensic v7.07 software while working on the manual update. As part of the beta testing, I have had the chance to work with the development team and Ken Mizota, product manager, who is dedicated to making EnCase Forensic more efficient, easier to use and incorporate new forensic features.
EnCase Forensic v7.07 will certainly measure up to Ken’s goals and you will be able to have hands-on training with this latest EnCase version in the CEIC Digital Forensics Labs. For example, there are exciting new capabilities in the EnCase Processor. I highly recommend you attend the Making the Most of EnCase Processor lab with Ken and Gary Brown if you use EnCase Forensic to process large amounts of digital evidence.
Custom Analysis with EnCase Forensic v7
For those who use EnCase® Portable and/or the Sweep Enterprise EnScript® for EnCase® Enterprise to collect evidence, you really need to check out Custom Analysis with EnCase v7, again with Ken and Paul Shomo. Paul has spent countless hours with Guidance Software instructors and customers to understand which metadata and registry keys are important to examiners and investigators and why. He then built many report templates to automate reporting and analysis; and took it a step further by allowing you to customize your own Case Analysis Reports to identify the artifacts of the user activities. You can hear more from Paul at his Extending EnCase Forensic 7: Modules and Extensions lab with Hector Carmona.
If automation of forensic examinations continues to be your focus, I suggest Examining Volume Shadow Copies - The Easy Way with Simon Key (@SimonDCKey). Simon is so brilliant and is very generous with his knowledge and skills. The Volume Shadow Copies of a hard drive are a treasure trove of artifacts. Accessing and processing them is very arduous without the VSS Examiner, a free EnScript Simon shares on the EnCase App Central store.
If you are an EnScript or EnCase-compatible product developer, you need to get your credit and compensation for your work and Stake your claim! Alfred Chung, product manager for App Central, will be working hands on with the EnCase App Central submission process; and show some exciting demos from developers and partner companies already selling apps on the store.
There are other experts in the Digital Forensics Lab, including from Passware, Raytheon Pikeworks and G-C Partners, LLC; who have prepared excellent labs on the NTFS Logfile, decryption and Enterprise-Scale Linux Memory Forensics.
The 2013 Digital Forensics Labs:
- Tips and Tricks from Guidance Software Tech Support
- NTFS Logfile Forensics
- Examining Volume Shadow Copies - The Easy Way
- EnCase App Central: Stake your claim!
- Correlating forensic results from multiple operating systems
- Custom Analysis with EnCase v7
- Protected File Analysis in Practice Using EnCase with Passware
- Extending EnCase Forensic 7: Modules and Extensions
- SSD Forensics
- Making the most of EnCase Processor
- Enterprise-Scale Linux Memory Forensics
As a reminder, you can get all of your digital investigation training for the next 12 months with a single line item on your budget expenditure authorization. Between now and May 10, 2013, you will receive a free pass to CEIC 2013, valued at $1295.00 USD with every full-price Guidance Software Annual Training Passport your organization purchases. Use offer code SPRING FORWARD to qualify for this incredibly convenient and valuable offer. Sign Up Here for your Annual Training Passport and receive your free pass to attend CEIC 2013 (@CEIC_Conf #CEIC2013).
Jessica Bair
Senior Director, Curriculum Development
@jessicambair
No comments :
Post a Comment