STANDARD COMPETENCIES:

 

 I.      Discuss the breaking of encryption

 II.     Discuss the recovery of passwords used to secure files

 III.    Discuss how to make an evidence grade backup of a computer hard disk drive

 IV.     Discuss the correct process for seizing a computer

 V.      Define the benefits and disadvantages of pulling the plug on an NTFS based computer seized

 VI.     Define the structure of the NTFS data storage method and processes tied to erased files and file slack

 VII.    Discuss NTFS and its reliance upon a Master File Table

 VIII.   Discuss the processing of an NTFS RAID system with forensic software

 IX.     Discuss how the ¿recycle bin¿ works and leaves a forensic trail behind

 X       Discuss data streams and how they can hold hidden information

 XI.     Discuss and define Windows2000 and XP encryption methods and how it affects computer evidence processing.

 TOPICAL OUTLINE:

 

 I.      Exercises in breaking of encrypted data and recovery of passwords

 II.     Exercise in creating a backup of a computer hard disk for the purpose of evidence

 III.    Procedures and guidelines for seizing a computer

 IV.     Benefits and disadvantages of turning off the power of an NTFS based computer as it affects forensic data recovery

 V.      Overview of NTFS data storage methods

 VI.     Recovering data from a RAID and NTFS RAID system

 VII.    Examining the evidence trail left by recycle bin

 VIII.   Searching data streams for hidden data

 IX.     How Windows2000 and Windows XP encrypt data and the affect on computer evidence processing