EnCase Overview

What is EnCase
EnCase Forensic is the industry standard in computer forensic investigation technology. EnCase is a single tool, capable of conducting large-scale and complex investigations from beginning to end.
By Guidance Software, Inc.
Version 6.10

Who Can Use EnCase
- Law enforcement officers
- Government investigators
- Corporate investigators
- Consultants

Features
- Acquire data in a forensically sound manner using software with an unparalleled record in courts worldwide.
- Investigate and analyze multiple platforms (Windows, Linux, AIX, OS X, Solaris and more) using a single tool.
- Save days, if not weeks, of analysis time by automating complex and routine tasks with prebuilt EnScript® modules, such as Initialized Case and Event Log analysis.
- Find information despite efforts to hide, cloak or delete.

Features
- Easily manage large volumes of computer evidence, viewing all relevant files, including "deleted" files, file slack and unallocated space.
- Transfer evidence files directly to law enforcement or legal representatives as necessary.
- Review options allow non-investigators, such as attorneys, to review evidence with ease.
- Reporting options enable quick report preparation.

How EnCase works

File systems supported by EnCase software: FAT12/16/32, NTFS, EXT2/3 (Linux), Reiser (Linux), UFS (Sun Solaris), AIX Journaling File System (JFS and jfs) LVM8, FFS (OpenBSD, NetBSD and FreeBSD), Palm, HFS, HFS+ (Macintosh), CDFS, ISO 9660, UDF, DVD, and TiVo® 1 and TiVo 2 file systems.

EnCase Interface:
- System menu
- Toolbar
- Window containing panes
- Status line

Case Management (1)
An evidence case includes:
- an evidence file
- a case file
- EnCase® program configuration files

Case Management (2)
The case file contains:
- pointers to one or more evidence files or previewed devices
- bookmarks
- search results
- sorts
- hash analysis results
- signature analysis reports

Working with Evidence
EnCase applications support:
- EnCase Evidence Files (E01): includes contents of an acquired device, investigative metadata and the device-level hash value.
- Logical Evidence Files (LEF/L01): created from files seen in a preview or existing evidence file.
- Raw images
- Single files, including directories

Working with Evidence
- Preview a device
- Add a device
- Acquire a device
- Hashing a device
- Restore: physical or logical

Viewing Files
EnCase supports viewing the following files:
- Text (ASCII and Unicode)
- Hexadecimal
- Doc, native formats for Oracle Outside In technology supported formats
- Transcript, extracted content with formatting and noise suppressed
- Various image file formats

View Compound Files
- Outlook Express (DBX)
- Outlook (PST)
- Exchange 2000/2003 (EDB)
- Lotus Notes (NSF) for versions 4, 5, and 6
- Mac DMG Format
- Mac PAX Format
- JungUm and Hangul 97 and 2000 Korean Office documents
- Zip files such as ZIP, GZIP, and TAR files
- Thumbs.db files
- Others not specified

Reporting

Project Information
- Project: Analyze one of the evidence files and write a report.
- Choose one evidence file in the C:\EvidenceFiles folder.
- Find the User Manual in the C:\Encase folder.
- Lab Location:
- Time: Make an appointment with TA by to

Question?