The computer forensics investigation process is a methodological approach of preparing for an investigation, collecting and analyzing digital evidence, and managing the case from the reporting of the crime until the case’™s conclusion.

Objective

The objective of this lab is to provide expert knowledge about the tools used in the forensic investigation process. This includes knowledge of the following tasks:
Learn about Network Enumeration
  • Recovering deleted file from hard disk
  • Viewing disk raw sectors
  • Using encrypting command
  • Generating hashes and checksum files
  • Calculating the MD5 value of the selected file

Scenario

As an expert computer forensic investigator, you must know how to recover deleted files from digital devices found in the crime scene area and duplicate the evidence so that the original data is not tampered with.

Computer Forensics Investigation Process

Incident Handling Exercises / Computer Forensics Investigation Process contains the following Exercises:

  • Recovering Data Using the Recover My Files Tool
  • Performing Hash, Checksum, or HMAC Calculations Using the HashCalc Tool
  • Generating MD5 Hashes Using MD5 Calculator

The Virtual Private Cloud for this Lab set utilizes:


Incident Handling Exercises are available as part of the following subscription:

CEHproductimage
Each subscription provides 6 months access to over 75 Different Exercises. Each exercise contains a Scenario, Objectives, and individual step by step tasks to guide the user through all steps necessary to complete the exercise.

Lab exercises are included for:

  • Trojans and Backdoors
  • Computer Forensics Investigation Process
  • Understanding Hard Disks and File Systems
  • Forensics Investigation Using AccessData FTK
  • Forensics Investigation Using EnCase
  • Log Capturing and Event Correlation