NUIX Investigations Training


Nuix Foundations – Investigations is a classroom-based training course intended to take an examiner new to the Nuix Investigator tool through techniques in creating cases, processing file data and analyzing evidence more efficiently. Students will learn all procedures to successfully create an investigations case and review the many preprocessing options for ingesting different formats of unstructured data and forensic images. Students will learn the functionality available within the tool to view, search, filter, tag, visualize and export data for reporting. Advanced topics will also expose students to the Ruby scripting capabilities to cull through volumes of data seamlessly. The course will conclude with Nuix Visual Analytics to perform timeline and geo-tagging analysis for tagging, exporting and reporting purposes.

 

DURING THIS CLASS PARTICIPANTS WILL:
  • Review Nuix configuration options
  • Install and configure Nuix Investigator
  • Review case creation options and Mime type settings
  • Define Metadata profiles and Filtering functionality
  • Recognize menu functions and data viewing options
  • Analyze Microsoft Office objects, graphic files, web cache and common Windows artifacts
  • Perform basic and advanced searches across file data and Nuix metadata extractions
  • Describe the Named Entity and Near Duplicate functionality
  • Use Nuix Visual Analytics to perform various functions relating to What, Where, When, and Who
  • Review Nuix scripting capabilities and build basic scripts to use against case data
  • Explore Nuix export options and reporting capabilities

The class includes multiple hands-on labs that allow students to apply what they have learned during the lecture phases.

 

PREREQUISITES

To obtain the maximum benefit from this class, you should meet the following requirements:

  • Perform basic operations on a personal computer
  • Be familiar with the Microsoft Windows environment
  • Have 6 months’ experience in forensic examinations.

 

CLASS MATERIALS AND SOFTWARE

You will receive the student training manual, training material and lab exercises.

 

COURSE OUTLINE

MODULE 1: INTRODUCTION
• Student introductions
• Nuix history
• Overview of Nuix technology
• Evidence ingestion options
• Product support channels
• Installation options

MODULE 2: PROCESSING DATA—CASE CREATION
• Nuix dependencies
• Creating a Nuix Case
• Simple vs. compound cases
• Adding evidence files
• Pre-filtering case file ingestion
• Nuix logs

MODULE 3: ANALYZING DATA PART 1
• Custodian management
• Nuix desktop overview
• Nuix tab and menu functions
• Desktop navigation
• Filtered views
• Results pane
• Review pane

MODULE 4: ANALYZING DATA PART 2
• Data analysis and culling
• Custom metadata profiles
• Flagging ignorable items
• Checking items
• Tagging items
• Adding comments
• Exporting data
• Predefined filters
• Hash lists and de-duplication

MODULE 5: PROCESSING WINDOWS ARTIFACTS
• Processing Windows artifacts with Nuix
– Registry files
– Graphic files
– Office documents
– Email artifacts
– Recycle Bin

MODULE 6: NAMED ENTITIES
• Review Nuix entities
• Regex basics
• Default entities
• Viewing entities results
• Creating custom entities

MODULE 7: NUIX SEARCHING
• Basic keyword searching
• Advanced searching
– Operators
– Proximity searching
• Regular expressions
• Near duplicates—shingles

MODULE 8: NUIX SCRIPTING 101
• What is scripting
• Where it can be used
• Configuring scripts
• Introducing the script API
• Basic concepts of scripting
• Writing our first script

MODULE 9: NUIX VISUAL ANALYTICS
• Launching Nuix Visual Analytics
• Exploring data sets
• Tagging and exporting options
• NVA reporting options

MODULE 10: EXPORTING AND REPORTING
• Preparing tagged items for exporting
• Export options
• Applying custom metadata profiles
• Reporting options
• Case information report
• Windows artifact report
• MS Office document report
• Graphic file report
• Registry report
• Event map reports
• Network diagram reports

