Forensic Explorer Examiner Training And Certification

NEXT CLASS: PART OF THE PACIFIC NORTHWEST DIGITAL FORENSIC BOOTCAMP

CLASS LOGISTICS AND LOCATION: Class times are 9:00 AM to 5:00 PM daily. Unless otherwise noted, all classes will be held in Lynnwood Washington at Edmonds Community College. Specific classroom locations will be emailed to you once you enroll. The closest airport is Seattle-Tacoma (SeaTac). Information on lodging can be found here.

Forensic Explorer is a tool for the preservation, analysis and presentation of electronic evidence. Forensic Explorer is the tool of choice for law enforcement, government, military and corporate investigations agencies throughout the globe. The software is intuitive, easy to use, and has more capabilities than any other forensic tool currently available.
 

Who Should Attend

  • Digital Forensics Professionals
  • Incident Response Personnel
  • Information Security Professionals
  • IT Managers
  • Law Enforcement Personnel
  • Legal Professionals
  • Network Administrators
  • System Administrators

Learn More

Run, customize or create scripts to automate complex tasks: skin tone, file export, registry analysis and more.

Never pay for a major version release!
Current maintenance = Current release

Day 1

Forensic Explorer Overview and Introduction
Key program features
  • Installation
  • Forensic analysis work station – system settings and configuration
  • Case management
  • Dongle activation and update management
  • Advanced Wibu key and network configuration
  • Maintenance FEX License and Wibu key
Forensic Acquisition
  • Write blocking vs Write protection
  • Network examinations and analysis
  • GetData Forensic Imager
Creating a Digital Case
  • Adding and removing evidence within FEX
  • Assessing and previewing evidence
  • Creating, converting previews and saving a case
  • Creating and managing investigators profiles
  • Understanding the evidence processor

Day 2

Forensic Explorer Interface
  • Module data interpretation
  • Customizing layouts
  • Process logging and prioritizing
  • Date and time verification
  • Digital forensics date and time analysis
  • FAT, HFS, CDFS file system date and time
  • NTFS, HFS+ file system date and time
  • Date and time information in the Windows registry
Case Investigation and Analysis
  • Module structure and overviews
  • Folder tree structure
  • Categories filters
  • Data Views
    • File list
    • Gallery
    • Disk views
    • Category graph
  • File Views
    • Hex and text
    • Bookmark
    • Byte plot and character distribution
    • Display – (Native interpretation)
    • File system record
    • Metadata
    • File extent
    • Property viewer (Email Module)
Data Management
  • Filters
  • Data and file view internal searching
Keyword and Index Searching
  • Keyword Search – Management
    • Text
    • Hexadecimal
    • Regular Expressions (PCRE)
  • dtSearch analysis and searching techniques
Bookmarking – Investigator’s Notes and Observations
  • Relationship between bookmarks and reports
  • Manual and automated bookmarking
  • Modification of bookmarks
Hash Analysis
  • Hash values
  • Hash algorithms
  • Hash sets
  • Creating hash sets
Signature Analysis and File Carving
  • File signature analysis
  • Signature/File header and footer identification
  • File algorithm analysis

 

Day 3

Email Module
  • Microsoft Outlook .PST email analysis
  • Identifying and analysis of email attachments
Registry Module
  • Automated registry analysis
  • Deleted registry keys
Introduction to FEX Scripting Functionality
  • Script functionality behind the FEX Interface
  • Using automated scripts
Examining Shadow Copy
  • Shadow copy identification
  • Shadow copy file carving
  • Shadow copy forensic analysis
Live Boot / Mount Image Pro / Virtual Machine
  • Running Live Boot to show a virtual environment of subject evidence
  • Password bypass/recovery of user accounts
  • Recreating historic restore points
Report Management
  • Creating manual reports
  • Creating templates
  • Saving and exporting templates
  • Exporting reports
Final Hands-on Practical
  • Practical assessment covering all aspects of the previous day’s activities
  • Award “Certified Forensic Explorer Examiner” certificate on successful course completion