See below Infosec classroom day by day schedule,
Data Recovery at InfoSec Institute
5 Day Detailed Syllabus
Day 1: Foundations of Data Recovery & Hardware Data Recovery
Day 1 focuses on the fundamental skills of data recovery. After the introductory content is complete
a full review of hardware data recovery begins. Before any logical or software recovery can begin, it
is imperative to have a functional drive. Some of the lectures and hands on labs you will perform
on Day 1 are:
Introduction to the InfoSec Institute Data Recovery Course
Introduction to the Data Recovery process
Hard drive basics
Understanding the working parts of a hard drive
Platters, voice coils, logic boards and firmware
Clean room basics
Tools of the trade
Software used for hardware recovery
Listening to drive sounds for recovery clues
Clicking drives
Comparing pre-recorded sound samples to live drives
Understanding success rates
How to properly open a drive
Understanding motor spin
Relationship between spin and air bearing
Motions that unlock the arm of a drive
Motions that unlock the actuator of a drive
Actuator arm functions
Investigating the Pre-Amp
Learn to hand-spin a motor
Learn to manually move the actuator arm motion
Finding the Pre-Amp
Principals of applying power to a dead drive
Proper power source selection
Day 2: Intermediate Hardware Data Recovery
Day 2 encompasses a deep discussion on the various technologies and techniques used for
hardware data recovery. Some of the lectures and hands on labs you will perform on Day 2 are:
Data locations on various drives
Examining sectors
Examine data surrounding a sector
Understanding the Service Area (SA)
Locating the SA
Specialized equipment for manipulating the SA
PCB Boards
Understanding the PCB Board
Potential recoveries involving the PCB Board
Performing a Live PCB Board swap
http://ww.InfoSecInstitute.com | +1-866-471-0059 x.1 | 1515 N. Harlem Suite 307, Oak Park, IL, 60302, USA
Heat and temperature and the roll it plays in PCB Board swaps
Where to turn when a PC Board swap does not work as expected
Tools for Board swapping
PC3000 and its capabilities
Understanding Platter Swaps
Identifying if a Platter Swap is feasible
Fundamentals of the Platter Swap
Positioning the platter for proper alignment
Single Platter Swaps
Multi-Platter Swaps
Head Assemblies
Identifying cases where head assemblies are damaged beyond recovery
Head Assembly replacement
Tools for head assembly replacements
Protecting drives during head assembly replacements
Day 3: Data Preservation and Windows Logical Recovery
Day 3 focuses on how to recover data safely from a spinning drive without damaging the contents of
the drive during the recovery process. Various logical recovery issues are explored for the Windows
family of operating systems. Some of the lectures and hands on labs you will perform on Day 3 are:
Software for bit-level images
Using DD
Improving on DD with DD_Rescue
Using MediaTools Pro
Using the FTK Imager
Viewing data with the FTK Imager
Resolving issues encountered when exporting data
Resolving issues encountered when exporting Filenames
Disk structure
Disk partition design theory
Layout of disk partition structure
Clearing passwords on a password protected drive
PINS vs. Software
Specific drive model issues
Issues with specific models
Variations in Drives and Manufacturers
Casing
Using case types for recovery
Dates and PCB board firmware
Protecting hard drives from changes
Software vs. hardware protection
Protecting from further damage
When to scan a drive, and when to use software
The effect of scanning on a damaged drive
Windows and Data Recovery
Basic Windows recovery
Fat32 & NTFS
NTFS Explorer
Capturing SID protected folders
When to use a bootable Linux disk for recovery
Resolving kernel or driver issues with a Linux bootable disk
Resolving Blue Screen errors with a Linux bootable disk
Connecting to the Internet to use Linux for recovery
http://ww.InfoSecInstitute.com | +1-866-471-0059 x.1 | 1515 N. Harlem Suite 307, Oak Park, IL, 60302, USA
Scanning file types and Header content
Using a hex editor to find and search for specific files
What files look like
Locating files with a hex editor
Skipping NTFS and FAT tables when appropriate
Reviewing data structures with a Hex Editor
Windows Server OS issues
Controlling Server data
Identifying Recycling bin contents
Decoding Recycling Bin contents
Identifying Registry locations
Decoding Registry contents
Recovery of Exchange Server Databases
Typical Exchange server damage
Importing and Exporting Messages
MDB files and size limitations
Day 4: Linux, Mac OS X and RAID Recoveries
Day 4 covers the recovery of Linux and Mac OS X systems. Additionally, the recovery of RAID arrays
are explained in detail. Some of the lectures and hands on labs you will perform on Day 4 are:
Linux Data Recovery
File system structure
How to review file structure
Structure of Linux data
Software used to rebuild corrupted or damaged data
Mac OS X Data Recovery
Layout of data on a Mac
GPT Partition
T-Firewire mode
Specific data recovery software for Macs
RAID Data Recovery
Understanding RAID 0
RAID 0 with four drives
Understanding RAID 5
RAID 0 Recovery
RAID 5 Recovery
Prep for (Certified Data Recovery Professional) CDRP Exam
Day 5: Advanced Topics in Data Recovery
Day 5 expands on the lessons learned during the previous day to cover advanced topics in data
recovery. Specific tools that are quite popular on the market can damage drives are covered, as
well as the recovery of solid state flash NAND drives (USB drives). The day finishes with the inclass
proctoring of the CDRP exam. Some of the lectures and hands on labs you will perform on
Day 5 are:
Software Do’s and Dont’s
Software “features” that damage drives
SpinRite and associated prohibited tools
Example of a destructive tool - IE HD Restorer
Vista and Recovery of Shadow Copies
Solid state drive recovery
Solid state drives vs. Hard Disks
Repairing USB Flash drives
Understanding how NAND memory works
CDRP Exam – Proctored in class