LTEC 2013 - EnCase v7.08.01 presentation
Damir Delija, Dr.Sc.E.E.
Davorka Foit, mag.ing.inf. et comm.techn.
22. October 2013, LTEC Prague
EnCase Forensic
Digital Forensic Tool
EnCase Forensic
• Leading digital forensics tool: www.guidancesoftware.com
• Accepted as a standard tool in the judiciary
• A large number of court rulings and procedures in which EnCase was used
• It is not necessary to be a computer expert to carry out a standard investigation with EnCase
EnCase Forensic – Digital Forensic Tool
Goal
The goal is to provide hands-on experience with EnCase Forensic in a real usage scenario
Scenario:
• There is a search warrant which defines what has to be done and how
• EnCase Forensic will be used
• Evidence is real
EnCase – main screen
Enabling the write blocker
Adding a disk
Disk view – write-blocked
Acquisition – creating disk image
Forensic disk image
EnCase case folder structure
Evidence processor – automatic processing
Main case screen
Disk view – Tree table view
Images – Gallery view
Evidence processor – automatic processing
Images found
Image tagging – table view
Tagging of found evidence: which tag to use
Timeline view
Bookmarking of found evidence
Preliminary report
Raw search
Search – keyword definition
Search results
Conditions – metadata search
Index search
Search results consolidated
Reporting
Case backup and archive
Questions