Tag Archives: EnCase

Tool Evaluation Team – Autopsy Blog 3

Tool Evaluation Team – Autopsy Blog #3 Madi Brumbelow & Lyall Rogers Testing Autopsy For the last 3 months we’ve researched all about Autopsy: how to use it, comparing it to other tools, and mastering the art of forensic image analysis with our tool. Now, the results are in, results that you can see in […]

EnCase Tool Eval Update 2

Introduction This past month the EnCase team has been hard at work evaluating EnCase 8 compared to other digital forensics tools. We started by creating a Virtual Machine where we made a mock computer to be investigated. After this we took the information from the VM and began using it in our tools. We then […]

EnCase Tool Evaluation

Introduction: Over the past five weeks we have been researching and gathering information on OpenText software EnCase 8, readying ourselves to begin dissecting evidence in our mock investigation. As the EnCase 8 intern team, we have been spending large amounts of time watching YouTube videos and diving deep into the manual provided by OpenText software. […]

EnCase 7.1 and FTK 5.5 Tool Evaluation Part 4

Data Generation In order to test and examine the new editions of EnCase and FTK, we need a hard drive with existing data to work with. We want to have something specific to look for when we analyze the drives later on, so we are conducting controlled data generation using computers built for this project […]

EnCase 7.1 and FTK 5.5 Tool Evaluation Part 3

EnCase v7.10 Updates Windows 8.1 and Server 2012 R2 Support EnCase 7.10, EnCase Examiner, SAFE, and the servlet all support Windows 8.1 and Windows Server 2012 R2. Systems running Windows 8.1 via the Evidence Processor (specifically the Windows Artifact parser) and BitLocker encryption are also supported now, and EnCase system requirements and recommended configurations are […]

EnCase 7.1 and FTK 5.5 Tool Evaluation Part 2

EnCase v7.10 Updates EnCase Portable Capabilities EnCase 7.10 comes with full EnCase Portable capabilities. EnCase Portable was a standalone product that worked separately from EnCase Forensic and EnCase Enterprise; however, with this update it is now included. EnCase Portable is a USB-key-based tool designed for non-expert and on-scene use. The goal […]

EnCase 7.1 and FTK 5.5 Tool Evaluation Introduction

Project Introduction Over the past few months, Guidance Software and AccessData both released new updates for their computer forensic programs, EnCase and FTK. With EnCase now in update 7.1 and FTK being in 5.5, there are new and updated features that should be looked at. We could also use this opportunity to record how long […]

CEIC 2014 Student Series: Kayla Williford

Computer Enterprise Investigations Conference (CEIC) 2014 Student Series: Kayla Williford Ever since leaving Las Vegas from CEIC 2014, I’ve been wondering how to describe my time at the conference that undoubtedly changed my life. The days that I spent at CEIC 2014 are now a memory, but what I learned, along with my experiences, will last […]

CEIC 2014 Student Series: Zach Smith

It was an exciting week in Las Vegas at the Computer and Enterprise Investigations Conference (CEIC) 2014. I would like to say thank you to Guidance Software for putting on the conference and also Champlain College for giving me the opportunity to attend. My flight to Las Vegas left Monday at 6 AM. After traveling […]

Volume Shadow Copy Part 3

What we found in the Volume Shadow Copy for Windows 7 After creating a raw image of the Volume Shadow Copy, we were able to view it in both FTK and EnCase. We most often used EnCase to examine the raw image file and received positive results. We cross-referenced the log of what was […]