Advanced Computer Forensics Training

Commitment 5 Days, 7-8 hours a day.
Language English
User Ratings Average User Rating 4.8 See what learners said
Delivery Options Instructor-Led Onsite, Online, and Classroom Live


Accelerated and taught in five (5) days, this in-depth Advanced Computer Forensics Training course teaches you advanced computer forensics concepts. This Advanced Computer Forensics course provides students with the latest techniques and methods needed for extracting, preserving and analyzing volatile and nonvolatile information from digital devices. Students will gain exposure to the spectrum of available computer forensics tools along with developing their own tools for special needs situations.

  • 5 days of Advanced Computer Forensics Training with an expert instructor
  • Advanced Computer Forensics Electronic Course Guide
  • Certificate of Completion
  • 100% Satisfaction Guarantee



Upon completing this Advanced Computer Forensics Training course, learners will be able to meet these objectives:

Already know how to acquire forensically sound images? Perform file carving? Take your existing forensic knowledge further and sharpen your skills with this Advanced Computer Forensics Training from ENO Institute

  • Apply advanced computer forensic analysis concepts to live casework
  • Respond appropriately to immediate response situations
  • Perform Volume Shadow Copy (VSC) analysis
  • Advanced-level file and data structure analysis for XP, Windows 7, and Server 2008/2012 systems
  • Registry analysis for XP and Windows 7/8 systems
  • Malware detection and analysis
  • Timeline Analysis
  • Windows Application Analysis
  • Mobile Forensics
  • We can adapt this Advanced Computer Forensics Training course to your group’s background and work requirements at little to no added cost.
  • If you are familiar with some aspects of this Advanced Computer Forensics course, we can omit or shorten their discussion.
  • We can adjust the emphasis placed on the various topics or build the Advanced Computer Forensics course around the mix of technologies of interest to you (including technologies other than those included in this outline).
  • If your background is nontechnical, we can exclude the more technical topics, include the topics that may be of special interest to you (e.g., as a manager or policy-maker), and present the Advanced Computer Forensics course in a manner understandable to lay audiences.

The target audience for this Advanced Computer Forensics Training course:

  • IT professionals involved with information system security, computer forensics, and incident response

The knowledge and skills that a learner must have before attending this Advanced Computer Forensics Training course are:

  • This is a very in-depth training course and is not intended for individuals who have limited or no computer forensics skills.
  • Knowledge of Windows and Unix filesystems
  • Computer Forensics Training


Module 1: Advanced Analysis Concepts
  • Avoiding Speculation
  • Direct and Indirect Artifacts
  • Least Frequency of Occurrence
  • Documentation
  • Convergence
  • Virtualization
Module 2: Immediate Response
  • Prepared to Respond
  • Questions
  • The Importance of Preparation
  • Logs
  • Data Collection
Module 3: VSC Analysis
  • Registry Keys
  • Live Systems
  • Pro Discover
  • F-Response
  • Acquired images
  • VHD Method
  • VMware Method
  • Automating VSC Access
  • Pro Discover
Module 4: File Analysis
  • File System Tunneling
  • Event Logs
  • Windows Event Log
  • Recycle Bin
  • Prefetch Files
  • Scheduled Tasks
  • Skype
  • Apple Products
  • Image Files
Advanced Computer Forensics Training – Module 5: Registry Analysis
  • USB Device Analysis
  • System Hive
  • Software Hive
  • Application Analysis
  • NetworkLst
  • NetworkCards
  • Shell bags
  • MUICache
  • UserAssst
Module 6: Malware
  • Introduction and Overview
  • Malware Characteristics
  • Initial Infection Vector
  • Propagation Mechanism
  • Persistence Mechanism
  • Artifacts
  • Detecting Malware
  • Log Analysis
Module 7: Timeline Analysis
  • Data Sources
  • Time
  • User
  • TLN Format
  • File System Metadata
  • Event Logs
  • Windows
Module 8: Application Analysis
  • Log Files
  • Dynamic Analysis
  • Network Captures
  • Application Memory Analysis
Module 9: Mobile Forensics
  • Keyboard caches containing usernames, passwords, search terms, and historical fragments of typed communication.
  • Screenshots preserved from the last state of an application
  • Deleted images from the suspect’s photo library, camera roll, and browser cache.
  • Deleted address book entries, contacts, calendar events, and other personal data.
  • Exhaustive call history
  • Map tile images from the iPhone’s Google Maps application,
  • Lookups and longitude/latitude coordinates of previous map searches, and coordinates of the last GPS fix.
  • Browser cache and deleted browser objects
  • Cached and deleted email messages
  • SMS messages
  • Deleted voicemail recordings
Advanced Computer Forensics TrainingAdvanced Computer Forensics Training Course Recap, Q/A, and Evaluations


    Are you Human?