LTEC 2013 - EnCase v7.08.01 presentation
DESCRIPTION
LTEC 2013 - EnCase v7.08.01 presentation. It was supposed to be a workshop, but the machines were missing, so it was turned into a live presentation.
TRANSCRIPT
Damir Delija, Dr.Sc.E.E.
Davorka Foit, mag.ing.inf. et comm.techn.
22. October 2013, LTEC Prague
EnCase Forensic
Digital Forensic Tool
EnCase Forensic
Leading digital forensics tool
• www.guidancesoftware.com
Accepted as a standard tool in the judiciary
A large number of court rulings and procedures in which EnCase was used
It is not necessary to be a computer expert to carry out a standard investigation with EnCase
EnCase Forensic – Digital Forensic Tool
Goal
The goal is to provide hands-on experience with EnCase Forensic in a real usage scenario
Scenario:
• There is a search warrant which defines what has to be done and how
• EnCase Forensic will be used
• Evidence is real
EnCase – main screen
Writeblocker enabling
Disk adding
Disk view - writeBlocked
Acquisition – creating disk image
Forensic disk image
EnCase case folder structure
Evidence processor – automatic processing
Main case screen
Disk view – Tree table view
Images – Gallery view
Evidence processor – automatic processing
Images found
Image tagging – table view
Tagging of found evidence: which tag to use
Timeline view
Bookmarking of found evidence
Preliminary report
Raw search
Search – keyword definition
Search results
Conditions – metadata search
Index search
Search results consolidated
Reporting
Case backup and archive
Questions