Cybercop 201 - Intermediate Data Recovery and Analysis - IDRA

Tuesday Sep 19, 2017 - 08:00am EDT to Friday Sep 22, 2017 - 05:00pm EDT
Event Description: 

The "Cybercop (CC) 201 - Intermediate Data Recovery and Analysis" (IDRA) course builds on the concepts introduced in "CC 101 - Basic Data Recovery and Acquisition" (BDRA). This course covers the architecture and functionality of the Windows NT File System (NTFS), the FAT File System, and related directory entry information for locating files on electronic devices. Topical areas include file headers and file hashing, recovery of deleted files and long file names, and techniques for discovering potential evidence that might otherwise be overlooked. This course incorporates an investigative scenario, providing hands-on experience with hard drive examination.

Course Structure:

  • Understand architecture and functionality. Learn about NT and FAT file systems as well as directory entry information.
  • Identify evidentiary files. Understand signature analysis of file headers and file hashing, as well as MD5 and SHA1 hashing algorithms.
  • Recover deleted files. Learn to recover files from the recycle bin, as well as deleted files no longer located in the recycle bin.
  • Learn search techniques and virtual memory. Locate valuable information within virtual memory, unallocated space, slack space, and application metadata. Learn to perform keyword, ASCII, and Unicode searches.
  • Develop hands-on experience. Examine four different “suspect” hard drives.

IDRA is a three-and-a-half-day classroom course.

Prerequisite:

  • CC 101 – BDRA classroom course.
  • Equivalent training and/or experience may substitute for the prerequisite.
Location: 
7150 Harris Drive
Dimondale, MI 48821
United States
Event Cost Information
Amount: $0.00
Description: Free to Law Enforcement
Space Available: 
30 seats
Organizer Information
Event POC: 
ghumphrey@nw3c.org
Event POC Email: 
Event POC Phone: 
8776287674