EnCase Tool Eval Update 2

Introduction

This past month the EnCase team has been hard at work evaluating EnCase 8 against other digital forensics tools. We started by building a virtual machine that served as the mock computer to be investigated. We then acquired the VM's data and loaded it into each of our tools. From there we analyzed the data, searching for artifacts that could be useful to an investigation, and then ran keyword searches for "e", "asdfghjkl" and "cyanide".

Results

The keyword searches returned many relevant files, but just as many irrelevant ones (a one-character keyword such as "e" will match almost every file, so its raw hit count says little on its own). The search for "cyanide" produced hits in 131 files; after reviewing each one, we found that 50 of them were relevant to the data we had generated. We then compared our results with those of the other teams. Over a two-week span we sat down with the members of the other teams, opened our VMs, and read our results off to each other, recording differences in the hits and files each tool found. This was time-consuming because every single hit had to be compared before the differences between the tools could be identified. Doing so taught us some of the strengths and weaknesses of EnCase relative to the other tools.
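Reading hits to each other and comparing them by hand is where most of the two weeks went. The comparison itself is mechanical once each tool's hit list has been exported, and a short script can do it. The following is an added example, not code from the original post or from EnCase or any other tool: it assumes that each tool can export its keyword hits as a CSV with keyword, path and byte-offset columns (the column names and the sample rows are constructed for illustration), normalizes the paths so that differences in case and separator do not count as differences in hits, and reports, per keyword, which hits both tools found and which only one of them found.

```python
import csv
import io
from collections import defaultdict

# Constructed sample exports (not real tool output): one hit per row.
# The two tools write paths differently, which is exactly the kind of
# cosmetic difference that must not be reported as a real discrepancy.
ENCASE_HITS = """keyword,path,offset
cyanide,C:\\Users\\mock\\Documents\\notes.txt,112
cyanide,C:\\Users\\mock\\Downloads\\chem.pdf,4096
asdfghjkl,C:\\Users\\mock\\Desktop\\test.txt,0
cyanide,C:\\$Recycle.Bin\\S-1-5-21\\$RABCDEF.txt,33
"""

OTHER_HITS = """keyword,path,offset
cyanide,c:/users/mock/documents/notes.txt,112
cyanide,c:/users/mock/downloads/chem.pdf,4096
cyanide,c:/users/mock/appdata/local/temp/draft.tmp,900
asdfghjkl,c:/users/mock/desktop/test.txt,0
"""


def normalize_path(path):
    """Fold separator and case differences; NTFS paths are case-insensitive."""
    return path.replace("\\", "/").lower()


def parse_hits(text):
    """Map each keyword to the set of (normalized path, offset) hits."""
    hits = defaultdict(set)
    for row in csv.DictReader(io.StringIO(text)):
        hits[row["keyword"].lower()].add(
            (normalize_path(row["path"]), int(row["offset"]))
        )
    return hits


def compare_hits(a_text, b_text):
    """Per keyword, split hits into those both tools found and those unique to one."""
    a, b = parse_hits(a_text), parse_hits(b_text)
    report = {}
    for keyword in sorted(set(a) | set(b)):
        report[keyword] = {
            "both": sorted(a[keyword] & b[keyword]),
            "only_a": sorted(a[keyword] - b[keyword]),
            "only_b": sorted(b[keyword] - a[keyword]),
        }
    return report


if __name__ == "__main__":
    for keyword, result in compare_hits(ENCASE_HITS, OTHER_HITS).items():
        print(f"{keyword}: {len(result['both'])} shared, "
              f"{len(result['only_a'])} only in tool A, "
              f"{len(result['only_b'])} only in tool B")
        for path, offset in result["only_a"]:
            print(f"  only A: {path} @ {offset}")
        for path, offset in result["only_b"]:
            print(f"  only B: {path} @ {offset}")
```

Keying on path plus byte offset rather than path alone keeps multiple hits in one file distinct, and the hits that land in only one tool's column are the ones worth opening side by side: in the constructed data above, one tool reports a hit inside a Recycle Bin file and the other a hit in a temp file, which is the sort of difference that reveals how each tool handles deleted or transient data.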

Conclusion

We are nearing the end of the semester and finishing up the work for our internships. All that remains is file carving to recover deleted data and finishing our final report, and then we are done!

Stay tuned for updates by checking out @champforensicslcdi on Instagram and @ChampForensics on Twitter!