LTEC 2013 - EnCase v7.08.01 presentation

Damir Delija, Dr.Sc.E.E.

Davorka Foit, mag.ing.inf. et comm.techn.

22. October 2013, LTEC Prague

EnCase Forensic

Digital Forensic Tool

2

EnCase Forensic

Leading digital forensics tool• www.guidancesoftware.com

Accepted as a standard tool in the

judiciary

A large number of court rulings and

procedures in which EnCase was used

It is not necessary to be a computer

expert to carry out a standard

investigation with EnCase

EnCase Forensic – Digital Forensic Tool

http://www.guidancesoftware.com/

3

Goal

The goal is to provide EnCase Forensic

hands-on in real usage scenario

Scenario:• There is a search warrent which defines what has to be

done and how

• EnCase Forensic will be used

• Evidence is real


4

EnCase – main screen


5

Writeblocker enabling


6

Disk adding


7

Disk view - writeBlocked


8

Aquisition – creating disk

image


9

Forensic disk image


10

EnCase case folder

structure


11

Evidence processor –

automatic processing


12

Main case screen


13

Disk view – Tree table view


14

Images – Gallery view


15

Evidence processor –

automatic processing


16

Images found


17

Image tagging – table view


18

Tagging of found evidence:

which tag to use


19

Timeline view


20

Bookmarking of found

evidence


21

Preliminary report


22

Raw search


23

Search – keyword definition


24

Search results


25

Conditions- metadata

search


26

Index search


27

Search results consolidated


28

Reporting


29

Case backup and archive


30

Questions


[email protected]

[email protected]

mailto:[email protected]

mailto:[email protected]

Education

LTEC 2013 - EnCase v7.08.01 presentation