LTEC 2013 - EnCase v7.08.01 presentation

Supposed to be a workshop, but machines were missing, so it was turned into a live presentation.

Published in: Education, Technology

  1. EnCase Forensic: Digital Forensic Tool. Damir Delija, Dr.Sc.E.E.; Davorka Foit, mag.ing.inf. et comm.techn. 22. October 2013, LTEC Prague
  2. EnCase Forensic. Leading digital forensics tool (www.guidancesoftware.com). Accepted as a standard tool in the judiciary. A large number of court rulings and procedures in which EnCase was used. It is not necessary to be a computer expert to carry out a standard investigation with EnCase. EnCase Forensic – Digital Forensic Tool
  3. Goal: The goal is to provide EnCase Forensic hands-on in a real usage scenario. Scenario: there is a search warrant which defines what has to be done and how; EnCase Forensic will be used; evidence is real.
  4. EnCase – main screen
  5. Writeblocker enabling
  6. Disk adding
  7. Disk view – write-blocked
  8. Acquisition – creating disk image
  9. Forensic disk image
  10. EnCase case folder structure
  11. Evidence processor – automatic processing
  12. Main case screen
  13. Disk view – Tree table view
  14. Images – Gallery view
  15. Evidence processor – automatic processing
  16. Images found
  17. Image tagging – table view
  18. Tagging of found evidence: which tag to use
  19. Timeline view
  20. Bookmarking of found evidence
  21. Preliminary report
  22. Raw search
  23. Search – keyword definition
  24. Search results
  25. Conditions – metadata search
  26. Index search
  27. Search results consolidated
  28. Reporting
  29. Case backup and archive
  30. Questions: damir.delija@insig2.eu, davorka.foit@insig2.eu
