This course is designed to provide participants with a detailed study of password extraction and decoding techniques through a variety of lectures, instructor-led and independent hands-on practical exercises. The number of cases involving these mechanisms are growing in numbers every day as encryption and data protection are being implemented by default on many devices. Know how to detect it and mitigate it, is extremely important in digital forensics. This course will start with a deep dive into encryption and password protection implications to general digital forensics and from there cover major file types, operating systems protections, hardware and software tools and ways to mitigate. Throughout the class topics covered will include differences between encryption and password protection, PGP, hashing, full disk encryption and file encryption, entropy, 2 factor authentication, password managers, Bitlocker, FileVault, EFS, UFS, KeyChain, memory analysis, Office documents and many other concepts and applications of both encryption and passwords.
At the end of this course, students will have a deep understanding of the subject, how and if there is a way of mitigation, how to break or circumvent different types of protections and how knowledge can play a significant role in the forensic and investigative process. Students will learn how to apply learned techniques for recovering a password or decrypting data as each day includes extensive hands-on exercises that are applicable to many digital forensic investigations.
At the end of the course, all participants will take on an exam and after successful completion will be given an official certificate for passing and attending the course.
To obtain the maximum benefits from this class, students should have basic computer skills, good knowledge of digital forensics and working in Windows operating system.