Title: Applied NTFS Forensics
Year: July 2009 – Version 2.0
Duration: 1 week
The aim of this course is to provide forensic examiners with an understanding of the technology that underpins the NTFS file system and the practical application of that knowledge from an investigator’s perspective. This will also enable them to better assemble evidence for court that is clear and supportive of evidential needs. Training will encompass latest best practice, technologies and techniques available to Law Enforcement specialists.
This course is an Intermediate level module and relates to Forensic Computing. Students are expected to have successfully participated in basic training for High Tech Crime Investigators prior to attending this course. Ideally students should have successfully completed the ECTEG Introductory IT Forensics & Network Investigations course.
Students will need to be able to understand and communicate in English.
Small list of agenda / topics / main points
- General and detailed NTFS file system properties and associated artefacts
If you are interested in applying for theses courses please read following page