Showing posts with label Computer Forensic Software. Show all posts

Wednesday, December 3, 2008

Paraben's Device Seizure Field Kit

Paraben is pleased to announce the release of the Device Seizure Field Kit. Rugged, portable, and expandable, this comprehensive handheld forensic field kit allows you to take your lab out into the field to perform complete forensic exams of cell phones, PDAs, GPS devices, and related media (SIM cards, Micro SD Cards, Flash Drives, etc.).

The Device Seizure Field Kit Includes:

* One license of Device Seizure to acquire, analyze, and report on over 1,900 different devices
* All the components of the Device Seizure Toolbox including data cables, power management, a SIM card reader, and more
* A 1.6 GHz Laptop with 1 MB RAM and a 120 GB hard drive used to perform acquisitions and analysis
* One CSI Stick for even more convenient field acquisitions
* One license of Forensic Replicator to acquire data from different media you may encounter in the field
* One license of Case Agent Companion for quick analysis of non-device related data acquired in the field
* One license of P2 eXplorer to mount images as a virtual drive
* Various media card readers
* Rugged carrying case
* One year software and new cable subscriptions

This field kit is expandable, allowing you to add your other forensic tools for any type of digital examination anywhere, anytime. You can learn more about the Device Seizure Field Kit at http://www.paraben-forensics.com/catalog/product_info.php?products_id=501.

Do you already have Device Seizure and Toolbox? You can buy a conversion kit to upgrade your products to a Device Seizure Field Kit at http://www.paraben-forensics.com/catalog/product_info.php?cPath=25&products_id=500.

Thank you,
Paraben Corporation

Thursday, May 22, 2008

What are the phases of the EnCE® exam?

The EnCE® exam has two phases:

  • Phase I of the EnCE® exam is a computer-based test administered by Prometric. Students must obtain a grade of 80% or higher to pass and proceed to Phase II.
  • Phase II is a practical test requiring students to examine computer evidence that is sent to them on CD-ROM. Students must submit their findings report to the certification coordinator within 60 days and receive a grade of 85% or higher to pass. A 30-day extension may be granted in certain circumstances. Candidates successfully passing Phase I and II of the process are awarded the EnCE® designation.

How much does the EnCE® program cost?
The total cost for the EnCE® program is $200.00 (USD) in the USA and $225.00 (USD) internationally. This fee is paid to Prometric to take the Phase I computer-based test. When you register for Phase I of your EnCE® test with Prometric, you will notice the price is listed from $750.00 to $1000.00 (USD). After you enter the voucher number provided by the Guidance Software certification coordinator, the test price will change to the discounted price. EnCE® certification is inexpensive compared to other professional and IT certifications. The cost was intentionally kept low, as Guidance Software understands many users, especially in the public sector, will not be reimbursed for the fee.


What materials can I use to study for the EnCE® computer-based test?
Guidance Software offers free EnCase® Certified Examiner Study Guides for the computer-based test administered by Prometric. All EnCE® candidates whose applications are approved by the Certification Coordinator will receive a free EnCE® Study Guide by mail. The study guide covers the four parts of the test administered by Prometric: Examining Computer Based Evidence With EnCase®, Computer Knowledge, Good Forensic Practices, and Legal.

If your application for the EnCE® program has been approved and you have received a Prometric voucher number, but have not received your EnCE® Study Guide, please fill out our online Study Guide Request or contact the Guidance Software Certification Coordinator at (626) 229-9191, ext. 513, or email us at certification@guidancesoftware.com.

We recommend candidates familiarize themselves with information contained in the following publications:

The EnCase® Forensic Methodology Training manuals also serve as helpful study material. The EnCase® Legal Journal can be downloaded as an Adobe Acrobat (PDF) file from Guidance Software's Web site. The EnCase® User's Manual can also be downloaded from Guidance Software's Web site (EnCase® software user name and password required). Some suggested resources for the Computer Knowledge and Good Forensic Practices sections are:

  • How Computers Work by Ron White
  • Handbook of Computer Crime by Eoghan Casey

What topic areas does the EnCE® computer-based test cover?

  • Examining computer based evidence with EnCase®
  • The EnCase® Evidence File
  • EnCase® Concepts
  • The EnCase® Environment
  • Searching
  • File Signature and Hash Analysis
  • Computer Knowledge
  • Understanding Data and Binary
  • The BIOS
  • Computer Boot Sequence
  • File Allocation Table Systems
  • Computer Hardware Concepts
  • Good Forensic Practices
  • First Response
  • Acquisition of Digital Evidence
  • Operating System Artifacts
  • Legal (North American EnCE® candidates only)

How do I renew my EnCE®?
The EnCE® designation is valid for two years from the date it is earned. EnCase® Certified Examiners are required to earn sixty-four (64) credit hours of documented continuing education in Computer Forensics or Incident Response every two years to maintain their certification. The training should be from Guidance, your agency, or an accredited source. You can earn one credit hour for each classroom hour of training and 1/2 credit hour for each hour of instruction you deliver as a Computer Forensics or Incident Response curriculum instructor. Your expiration date is listed on your wallet card. In order for training to qualify for renewal, it needs to fall within the two-year time period. (Example: If you were certified on 1/1/2005, only training taken between 1/1/2005 and 1/1/2007 would qualify for renewal credits.)

If you were not given certificates, please put the following information in a letter:

  • Date of the class
  • Number of hours
  • Name of the class
  • Who provided the training
  • Short description of the class

When you are ready to submit your renewal credit, please fill out the EnCE® Renewal Form, attach renewal documentation and either mail, fax, or scan/email to:

Certification Coordinator
Guidance Software, Inc.
215 N. Marengo Ave. 2nd floor
Pasadena, CA 91101
Email: certification@guidancesoftware.com
Fax: (626) 432-9558

What if my voucher expires or I did not finish my Phase II test before the due date?
- If the Phase I voucher expires, simply contact the Certification Coordinator to obtain a new voucher.
- Anyone who does not turn in the Phase II practical within the time allotted to them will be required to wait 2 months from the date that the test would have been due and then start the EnCE® process over, beginning at Phase I.

What if I fail the test?
- Anyone who does not obtain a grade of 80% to pass the Phase I test will be required to wait 2 months before a new voucher will be issued.
- Anyone who does not obtain a grade of 85% to pass the Phase II Practical will be required to wait 2 months before they will be allowed to retest. Those who fail Phase II will be required to start over at Phase I.
- A new application will be needed if organization or personal information has changed during the 2-month wait period.

Contact Guidance Software's EnCE® certification coordinator at:
Guidance Software
Certification Coordinator
215 North Marengo Avenue
Second Floor
Pasadena, CA 91101
Tel: (626) 229-9191 x 513
certification@guidancesoftware.com

Monday, May 19, 2008

PTK Beta release is coming on May 30th!

The DFLabs team has planned a webinar for that date at 5:00 PM Italian time (GMT +01:00), during which you will see a fully functional demo of the PTK Beta version.

PTK is an alternative advanced interface for the TSK suite (The Sleuth Kit). PTK was developed from scratch and, besides providing the functions already present in Autopsy Forensic Browser, it implements numerous new features essential during forensic activity. PTK is not just a new, highly professional graphical interface based on Ajax technology; it offers a great deal of features for the analysis, search and management of complex digital investigation cases. The core component of the software is an efficient Indexing Engine that performs several preliminary analysis operations while each piece of evidence is imported. PTK allows the management of different cases and different levels of multi-user access, so more than one investigator can work on the same case at the same time. All the reports generated by an investigator are saved in a reserved section of the database. PTK is a web-based application and builds its indexing archive inside a MySQL database, thus using the LAMP (Linux-Apache-MySQL-PHP) stack.

PTK main features:
* Preliminary indexing phase
* Efficient File analysis
* Dynamic Timeline
* File Categorization
* Gallery view
* Indexed keyword search
* Personal bookmark section
* Cases features shared between multiple investigators
* Memory Dump Analysis

Others features:
* Improved Usability, Ajax Based
* Dynamic web application with a centralized database. More investigators will now be able to work on the same case simultaneously.
* Extensible with other tools
* Log of all operations
* Many browsers are supported.
* PTK is a forensic analysis interface; it is not strictly devoted to incident response
* Its scope is helping small groups of investigators reach their goal with a reduced budget
* Can be further enhanced through concurrent engineering and development participation

Here are the new features that are included in the Beta release.

***Memory Dump Analysis***
The first PTK extension includes Volatility 1.1.1, a useful tool for analyzing RAM memory dumps. It is possible to retrieve the following information:

- active connections
- dlls loaded in any process
- open file handles
- kernel loaded modules
- processes
- sockets
- ETHREAD objects
- Virtual Address Descriptors (VAD) of any process

PTK also implements a Live Keyword Search on RAM images, based on ASCII and Unicode strings.

***Gallery Analysis***
PTK comes with a new tab for gallery analysis: it's now possible to search for graphic files using an easy tree view of the evidence disk.

***Graphic Timeline***
A new, effective graphic timeline allows viewing MAC time trends. A line chart shows time details and total amounts for Modified, Created and Accessed files; the user can choose among daily, monthly and yearly views and can also work using zoom and scroll controls.

***File analysis with Ajax pagination***
The file analysis section is now enhanced: the development team implemented an Ajax pagination system for file content visualization, reducing page loading time and avoiding system crashes.

The software is totally free. If you want to follow the webinar, join the PTK testing program or take part in PTK development, please contact us at ptk@dflabs.com. You will be able to download the PTK package and send feedback and suggestions directly to the PTK developers team.

PTK Newsletter