Sep 11

As I mentioned elsewhere on my site, I had the luxury of attending the EnCE Prep Class offered by Guidance Software.  In the class we reviewed various techniques and we received an EnCE study guide that was essentially a compilation of the manuals for the Guidance Software Computer Forensics 1 and Computer Forensics 2 courses.  I had also purchased The Official EnCE Study Guide by Steve Bunting and William Wei to augment my studies.  

After passing the written portion of the exam, I felt as though studying the questions at the end of the chapters in The Official EnCE Study Guide would have been sufficient to pass the written exam.  I thoroughly enjoyed the class and if you have the means I’d suggest taking it.  If you are unable to take it, just be sure that you are very comfortable answering the questions at the end of each chapter of The Official EnCE Study Guide.   

The EnCE practical exam, however, was a different beast. While the Bunting and Wei book helped me out with much of the exam, I also had to do a good deal of digging on the internet in order to find the information that I needed to complete the practical. As I’ve also previously mentioned, I believe the EnCase certification process has helped me become a better examiner. I routinely use the skills I used/learned while completing the EnCE practical and it was for these two reasons that I documented my notes and developed the Forensic Secrets eBook.

The Forensic Secrets eBook contains in-depth coverage of:

  • First response techniques
  • Recovering deleted partitions and files
  • Registry analysis techniques
  • Resident vs. Non-resident files
  • Internet cookie analysis
  • Concise definitions for unused disk area, unallocated clusters, pagefile.sys, hiberfil.sys, volume slack, file slack and RAM slack.
  • Tips for EnCase reporting
  • Link file analysis
  • Removable media (USB) analysis
  • SID analysis
  • $MFT analysis
  • Internet history analysis
  • Recycle bin analysis
  • Microsoft Office file analysis
  • Data hiding techniques
  • Password guessing techniques
  • and much more 

To be clear, the Forensic Secrets eBook is not a braindump of the EnCE practical exam. If that is what you are looking for, please look elsewhere. If you are looking for a concise guide to the principles and techniques that are tested on the EnCE practical, the Forensic Secrets eBook is for you.

In conclusion, if you are looking to obtain EnCase Certification my first recommendation would be to take the EnCE Prep class offered by Guidance Software to refresh your skills and prepare you for the written portion of the exam.  If you are unable to attend the EnCE Prep class, I would highly recommend purchasing The Official EnCE Study Guide and the Forensic Secrets eBook.  The official study guide will help you prepare for the written exam and the Forensic Secrets eBook will help you ace the EnCE practical.
