COS413 Capstone – EnCase Software Review Nathan Perkins.

Presentation transcript:

COS413 Capstone – EnCase Software Review Nathan Perkins

Project Description
– Review EnCase Forensics Software
– Explain integrated forensics tools
– Provide screenshots of the EnCase work environment: explain features

What is EnCase
– Computer Forensics Software
– Considered the Industry Standard for computer forensics
– Many powerful proprietary tools

EnCase Environment Continued

Proprietary Tools
EnScript
– Mini-programming tools similar to C++
– Mini programs that can process evidence
– Can be programmed to process many small, tedious tasks quickly
– EnCase contains a library of 100s of different EnScripts
– Con: Used mostly by experienced programmers.

Proprietary Tools Continued
Timeline Tool
– Outlines dates and times evidence was modified
– Easy-to-read graphical interface
– Shows number of clusters modified in a specific frame of time.

Timeline Tool

Other Useful Tools
Multi-View evidence window can view evidence as:
– Text
– Hexadecimal
– Picture (gallery view for picture files)
– Disk (view physical clusters that the evidence occupies)
– Console (view output of EnScript programs)
– Filters/Queries (specialized search criteria)

Other Useful Tools
– Uses MD5 hashing for evidence files and saved case files.
– Ability to generate detailed evidence reports, similar to ProDiscover and FTK
– BootDisk creation tool: creates bootable floppy disk
– Drive Wiper: secure erase of storage media.

Final Thoughts
– Tools are very in-depth, but can be more difficult to utilize when compared to entry-level tools such as ProDiscover.
– The proprietary tools such as the timeline can help create clearer evidence.
– EnCase is a very powerful computer forensics program, complete with all the tools necessary to build a solid case.

Outcome
– I learned about the key features of the proprietary tools of EnCase
– I am now able to better gauge the quality of various computer forensics software
– I was not able to use EnCase to its full extent, as the copy I used was a demonstration copy

Lessons Learned
– Do not underestimate a program of such small file size: EnCase is very powerful.
– To anyone pursuing a project in this area:
  – Try to find literature or manuals written by fellow users, as the documentation provided with the program is not thorough.