LTEC 2013 - EnCase v7.08.01 presentation

transcript

Damir Delija, Dr.Sc.E.E.

Davorka Foit, mag.ing.inf. et comm.techn.

22. October 2013, LTEC Prague

EnCase Forensic

Digital Forensic Tool

EnCase Forensic

Leading digital forensics tool• www.guidancesoftware.com

Accepted as a standard tool in the

judiciary

A large number of court rulings and

procedures in which EnCase was used

It is not necessary to be a computer

expert to carry out a standard

investigation with EnCase

EnCase Forensic – Digital Forensic Tool

The goal is to provide EnCase Forensic

hands-on in real usage scenario

Scenario:• There is a search warrent which defines what has to be

done and how

• EnCase Forensic will be used

• Evidence is real

EnCase – main screen

Writeblocker enabling

Disk adding

Disk view - writeBlocked

Aquisition – creating disk

Forensic disk image

EnCase case folder

structure

Evidence processor –

automatic processing

Main case screen

Disk view – Tree table view

Images – Gallery view

Evidence processor –

automatic processing

Images found

Image tagging – table view

Tagging of found evidence:

which tag to use

Timeline view

Bookmarking of found

evidence

Preliminary report

Raw search

Search – keyword definition

Search results

Conditions- metadata

search

Index search

Search results consolidated

Reporting

Case backup and archive

Questions

damir.delija@insig2.eu

davorka.foit@insig2.eu

LTEC 2013 - EnCase v7.08.01 presentation

Education