Project Description
• Review EnCase Forensics Software
• Explain integrated forensics tools
• Provide screenshots of the EnCase work environment – explain features
What is EnCase
• Computer Forensics Software
• Considered the Industry Standard for computer forensics
• Many powerful proprietary tools
Proprietary Tools
• EnScript
  – Mini-programming tool, similar to C++
  – Mini programs that can process evidence
  – Can be programmed to process many small, tedious tasks quickly
  – EnCase contains a library of hundreds of different EnScripts
  – Con: used mostly by experienced programmers.
Proprietary Tools Continued
• Timeline Tool
  – Outlines the dates and times at which evidence was modified
  – Easy-to-read graphical interface
  – Shows the number of clusters modified in a specific frame of time.
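The timeline idea on this slide, as an added example that is not part of the original presentation and not EnCase's own code: file last-modified timestamps are floored to a time window (an hour here) and the modifications per window are counted, which is the histogram a timeline view draws. The file records are constructed inline as a stand-in for metadata parsed from an evidence image.

```python
"""Added example (not from the original slides): a minimal modification timeline
of the kind the EnCase Timeline tool draws. Records are constructed inline; in
practice they come from the file-system metadata of an acquired image."""
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample records: (path, last-modified timestamp). Not real evidence.
SAMPLE_RECORDS = [
    ("/Users/alice/report.docx",            datetime(2021, 3, 4, 9, 12)),
    ("/Users/alice/notes.txt",              datetime(2021, 3, 4, 9, 47)),
    ("/Windows/System32/drivers/x.sys",     datetime(2021, 3, 4, 10, 3)),
    ("/Users/alice/Downloads/a.zip",        datetime(2021, 3, 4, 10, 15)),
    ("/Users/alice/Downloads/b.exe",        datetime(2021, 3, 4, 10, 16)),
    ("/Users/alice/Downloads/c.dll",        datetime(2021, 3, 4, 10, 17)),
    ("/Users/alice/Pictures/1.jpg",         datetime(2021, 3, 5, 14, 30)),
]


def bucket_start(ts, window):
    """Floor a timestamp to the start of the window it falls in (e.g. its hour)."""
    seconds = int((ts - datetime.min).total_seconds())
    w = int(window.total_seconds())
    return datetime.min + timedelta(seconds=seconds - seconds % w)


def build_timeline(records, window=timedelta(hours=1)):
    """Count how many files were modified in each window.
    Returns a chronologically sorted list of (window_start, count)."""
    counts = Counter(bucket_start(ts, window) for _, ts in records)
    return sorted(counts.items())


def busiest_window(timeline):
    """The window with the most modifications, the first place an examiner looks."""
    return max(timeline, key=lambda item: item[1])


def render(timeline):
    """Plain-text histogram, one line per window."""
    return "\n".join(f"{start:%Y-%m-%d %H:%M}  {'#' * n} ({n})" for start, n in timeline)


if __name__ == "__main__":
    tl = build_timeline(SAMPLE_RECORDS)
    print(render(tl))
    start, n = busiest_window(tl)
    print(f"busiest window: {start:%Y-%m-%d %H:%M} with {n} modifications")
```

With the constructed records the 10:00 window on 2021-03-04 stands out with four modifications in a quarter of an hour, which is exactly the kind of cluster of activity a graphical timeline is meant to make visible.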
Other Useful Tools
• Multi-View evidence window can view evidence as:
  – Text
  – Hexadecimal
  – Picture (gallery view for picture files)
  – Disk (view the physical clusters that the evidence occupies)
  – Console (view output of EnScript programs)
  – Filters/Queries (specialized search criteria)
Other Useful Tools
• Uses MD5 hashing for evidence files and saved case files.
• Ability to generate detailed evidence reports – similar to ProDiscover and FTK
• BootDisk creation tool – creates bootable floppy disk
• Drive Wiper – secure erase of storage media.
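The MD5 integrity check mentioned above, as an added example that is not EnCase's own code: an evidence image is hashed in fixed-size chunks (images are far too large to read into memory at once) and the stored digest is later re-verified to show the copy is unchanged. MD5 still catches accidental corruption, but it is no longer collision resistant, so the example computes SHA-256 in the same pass. The sample image bytes are constructed inline.

```python
"""Added example (not from the original slides): chunked hashing of an evidence
image and re-verification of the digests recorded at acquisition."""
import hashlib
import hmac
import io

CHUNK_SIZE = 1024 * 1024  # 1 MiB per read; never load a whole image into memory


def hash_stream(stream, algorithms=("md5", "sha256")):
    """Read the stream once and return {algorithm: hexdigest} for every algorithm.
    Feeding all hashers from one pass avoids re-reading a very large image."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    for chunk in iter(lambda: stream.read(CHUNK_SIZE), b""):
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def verify_stream(stream, expected):
    """Re-hash the stream and compare with the digests recorded at acquisition.
    Returns (ok, list_of_mismatched_algorithms)."""
    actual = hash_stream(stream, tuple(expected))
    bad = [name for name in expected
           if not hmac.compare_digest(actual[name], expected[name].lower())]
    return (not bad, bad)


def hash_bytes(data, algorithms=("md5", "sha256")):
    """Convenience wrapper for in-memory data (useful for tests and small files)."""
    return hash_stream(io.BytesIO(data), algorithms)


def verify_bytes(data, expected):
    return verify_stream(io.BytesIO(data), expected)


# Constructed stand-in for a small evidence image (not real evidence).
SAMPLE_IMAGE = b"MBR\x00" * 4096 + b"FAT32   " + b"\xff" * 512

if __name__ == "__main__":
    acquired = hash_bytes(SAMPLE_IMAGE)          # digests written to the case file
    print("acquisition digests:", acquired)
    print("unchanged copy verifies:", verify_bytes(SAMPLE_IMAGE, acquired))
    tampered = bytearray(SAMPLE_IMAGE)
    tampered[100] ^= 0x01                        # a single flipped bit must be caught
    print("altered copy verifies:", verify_bytes(bytes(tampered), acquired))
```

Recording both digests costs one extra hash computation per pass and gives the case file a value that still stands if MD5 alone is challenged.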
Final Thoughts
• Tools are very in-depth, but can be more difficult to utilize when compared to entry-level tools such as ProDiscover.
• The proprietary tools such as the timeline can help create clearer evidence.
• EnCase is a very powerful computer forensics program, complete with all the tools necessary to build a solid case.
Outcome
• I learned about the key features of the proprietary tools of EnCase
• I am now able to better gauge the quality of various computer forensics software
• I was not able to use EnCase to its full extent, as the copy I used was a demonstration copy