EnScript Programming

CPE: 32 créditos. Nivel: avanzado.

Método de enseñanza: grupo.

Nivel NASBA definido: avanzado.

Código: DFIR450.

Duración: 4 días.

Para más información, descargue el programa completo de los cuatro días en PDF:

Temario

About this course

This hands-on course introduces the student to the EnScript language, which is designed to allow users to fully tap into the data processing power of OpenText™ EnCase™ Forensic (EnCase), automate tasks, and create fully functional applications that can be shared with other EnCase users. The class is designed for students who have fundamental programming skills and wish to enhance their investigative techniques through the use of EnScript programming.

Instructors and students will write EnScript applications together. Practical exercises will be used to reinforce the tuition given during the course. Students will learn and practice the skills needed to write intermediate-level EnScript programs that automate searching, interpretation, extraction, bookmarking, and external reporting of data encountered during the examination of computer systems.

Audience

This live course is intended for investigators with intermediate computer skills. A good understanding of the concepts of computer forensics and the EnCase operating environment is required. Individuals considering this course are encouraged to download and complete the EnScript Fundamentals curriculum prior to attending the EnScript Programming course. The class curriculum builds upon the foundation of the DF120 - Foundations in Digital Forensics and DF210 - Building an Investigation courses (formerly EnCase Computer Forensics I and II), continuing with a focus on automating computer examinations through writing EnScript programs.

Prerequisites

Some familiarity with any programming language. Please review the reference materials and the link to the EnScript Fundamentals listed in the course description.

Summary

This course covers programming concepts, including:

Reference materials

The EnScript language has its roots in C++ but also contains mimics some of the functionality offered by C++. Java and JavaScript.

Notwithstanding that the EnScript language is not as fully featured as those languages, it is still expansive and continues to undergo rapid development; it is therefore not possible to cover every aspect of the language in four days. That said, the course aims to give the student a good grounding in those areas of the EnScript language that are most likely to be of benefit during day-to-day forensic examinations.

Programming experience is not a prerequisite for attending the course so as not to discriminate against examiners who would like to learn how to harness the power of EnScript programming but have little or no programming experience. Unfortunately, experience has shown that this can lead to quite a gap between those attendees who are experienced programmers and those who have little or no programming experience.

So as to try and bridge this gap, those sections of the student manual that document fundamental EnScript programming concepts (variables, operators, flow control, functions, and basic class usage/construction) are available for anyone to download in a PDF document free-of-charge. This document, which is entitled “EnScript Fundamentals,” can be downloaded from the following URL:

https://guidancesoftware.box.com/s/eo6yrgylpg32wu4589n4

Inexperienced programmers are expected to review the content of the EnScript Fundamentals document in their own time so as to ascertain if the course is right for them. If they decide to attend the course then they should ensure that they have a good working knowledge of the programming concepts contained therein. Two practical exercises are included (together with suggested answers) to assist with this.

Please note the following: