Applied NTFS Forensics

Title: Applied NTFS Forensics
Year: July 2009 – Version 2.0
Duration: 1 week

Course Aim

The aim of this course is to provide forensic examiners with an understanding of the technology that underpins the NTFS file system and the practical application of that knowledge from an investigator’s perspective. This will also enable them to better assemble evidence for court that is clear and supportive of evidential needs. Training will encompass latest best practice, technologies and techniques available to Law Enforcement specialists.


This course is an Intermediate level module and relates to Forensic Computing. Students are expected to have successfully participated in basic training for High Tech Crime Investigators prior to attending this course. Ideally students should have successfully completed the ECTEG Introductory IT Forensics & Network Investigations course.

Students will need to be able to understand and communicate in English.

Small list of agenda / topics / main points

Content includes:

  • General and detailed NTFS file system properties and associated artefacts

If you are interested in applying for theses courses please read following page