±Forensic Focus Partners

Become an advertising partner

±Your Account


Username
Password

Forgotten password/username?

Site Members:

New Today: 0 Overall: 32795
New Yesterday: 2 Visitors: 136

±Follow Forensic Focus

Forensic Focus Facebook PageForensic Focus on TwitterForensic Focus LinkedIn GroupForensic Focus YouTube Channel

RSS feeds: News Forums Articles

±Latest Articles

RSS Feed Widget

±Latest Webinars

Ence encase certified examiner

Computer forensics training and education issues. If you are looking for topic suggestions for your project, thesis or dissertation please post here rather than the general discussion forum.
Reply to topicReply to topic Printer Friendly Page
Forum FAQSearchView unanswered posts
Go to page 1, 2  Next 
  

Ence encase certified examiner

Post Posted: Mon Aug 21, 2017 5:12 am

hi all ,

i need to know what is necessary for being Ence , till now i have worked for about 2 years with encase and finished studying this book
eu.wiley.com/WileyCDA/...01063.html
so what to do next ?
any recommendations after this book , is this enough to be certified ?

thanks Smile  

Hashad
Newbie
 
 
  

Re: Ence encase certified examiner

Post Posted: Mon Aug 21, 2017 7:34 am

I looked at the link and it said the date was Sept 2012 for the release. If you're not using v7 of EnCase, you should become familiar with it because the test will cover portions of that.

If you're looking to take the EnCE test, its a 2-part test. You should read this from GSI's site to help you out.

There is a study guide that will show you much of what you need to know HERE

Part 1 is multiple choice. As long as you do your homework on best practices, terminology, hardware, etc... most people pass it the first time around.

Part 2 is called the 'practical' exam which means they will give you data to analyze and you have to create a forensic report to submit. They want to know you have good analytical skills as well as be able to translate that to paper. The reason most people fail this test is because the end result is unorganized and it does not show the progress of how the answers were found.

I would look for other more recent resources or books to help you study than the book, but its a good certification to have especially if your employer using Encase and is willing to pay for your certification.  

jpickens
Senior Member
 
 
  

Re: Ence encase certified examiner

Post Posted: Mon Aug 21, 2017 7:40 am

Prerequisites:
64 hours of authorized Computer Forensic Training (EnCase courses, or applicable CF courses)
or 12 Months of Qualified Work Experience

I would highly recommend either:
- Guidance's EnCE Boot Camp course or
- EnCE exam at the EnFuse conference (exam is free at EnFuse with conference registration)

You will have study groups for the exam at both events.

But the cert will be
1. Written exam
2. Hands on CF Practical (after passing the written exam)

Both are not easy. But studying will help.

The ENCE study guide text is old. Covers an early version of EnCase 7. But still references a lot of important CF and EnCase info.

Inquire with the EnCase Certification dept on which version the EnCE is tested on.  

bntrotter
Senior Member
 
 
  

Re: Ence encase certified examiner

Post Posted: Tue Aug 22, 2017 1:43 am

- jpickens
I looked at the link and it said the date was Sept 2012 for the release. If you're not using v7 of EnCase, you should become familiar with it because the test will cover portions of that.

If you're looking to take the EnCE test, its a 2-part test. You should read this from GSI's site to help you out.

There is a study guide that will show you much of what you need to know HERE

Part 1 is multiple choice. As long as you do your homework on best practices, terminology, hardware, etc... most people pass it the first time around.

Part 2 is called the 'practical' exam which means they will give you data to analyze and you have to create a forensic report to submit. They want to know you have good analytical skills as well as be able to translate that to paper. The reason most people fail this test is because the end result is unorganized and it does not show the progress of how the answers were found.

I would look for other more recent resources or books to help you study than the book, but its a good certification to have especially if your employer using Encase and is willing to pay for your certification.


thanks a lot Smile
but i used encase in my work for about 2 years and i red the book which covers encase 7
but i look forward to study more just to pass the first stage which is multiple choice , this is the point so if you can help me with some resources please do Smile  

Hashad
Newbie
 
 
  

Re: Ence encase certified examiner

Post Posted: Tue Aug 22, 2017 1:45 am

- bntrotter
Prerequisites:
64 hours of authorized Computer Forensic Training (EnCase courses, or applicable CF courses)
or 12 Months of Qualified Work Experience

I would highly recommend either:
- Guidance's EnCE Boot Camp course or
- EnCE exam at the EnFuse conference (exam is free at EnFuse with conference registration)

You will have study groups for the exam at both events.

But the cert will be
1. Written exam
2. Hands on CF Practical (after passing the written exam)

Both are not easy. But studying will help.

The ENCE study guide text is old. Covers an early version of EnCase 7. But still references a lot of important CF and EnCase info.

Inquire with the EnCase Certification dept on which version the EnCE is tested on.


the version of encase in exam is v 8 , so i look for more to study as which i'm afraid of is the written exam so if you know anything will help me in this please tell as i can't attend enfuse or the course in this period
thanks Smile  

Hashad
Newbie
 
 
  

Re: Ence encase certified examiner

Post Posted: Tue Aug 22, 2017 10:01 am

It looks like the forum problems the other night ate my original post.

For the multiple choice, you need to understand EnCase itself, Windows, NTFS and FAT forensics. Look at the syllabi for Forensics I, Forensics II and EnCE Review. Anything from the courses can be on the test. The current course names are DF120 (Foundations in Digital Forensics) and DF210 (Building an Investigation).

Some of my favorite books are Carrier's File System Forensic Analysis, Carvey's Windows Forensic Analysis, and Anson and Bunting's Mastering Windows Network Forensics and Investigation. The problem with these books is that they don't map directly to the EnCE test.

I used the EnCE book some but it was obviously dated (and I tested on v7). Most of my study was with the actual course books from Guidance Software.

Since you don't have access to the training, I would read through the course descriptions/syllabi and make every item a research project. Research each item, make notes that you can study from, then move on to the next bullet point. Repeat that process until you've covered everything listed.

Make sure you do some hands-on work for these items, using EnCase if possible. You're going to need to know how to work with these items within EnCase on the practical. Your submission for the practical exam is an EnCase report which means that everything has to be processed within EnCase. I don't think you can even open the .ex01 they give you for the exam with another forensics program. So, you can't use another tool with more push-button capabilities to find the answer.  

tracedf
Senior Member
 
 
  

Re: Ence encase certified examiner

Post Posted: Wed Aug 23, 2017 9:18 am

H,

I recently passed my EnCE and am now a certified examiner.

I purchased a Training passport from Guidance Software and took Modules DF120, DF210 & the Prep course, the instructors were really good, in addition to this, I brought the EnCE study as you did. I also did the free tests included many times over in the text book which really helped.

It was hard work and but I enjoyed it, the feeling when I passed was really worth all the work.

My background is Finance with some IT, but I wanted a career change and this seemed like the best course to do.

Now I just have to find a job!

Good luck.

* Edited to add I believe that they are only using Version 8 software now.  

jatinder
Newbie
 
 

Page 1 of 2
Go to page 1, 2  Next