LTEC 2013 - EnCase v7.08.01 presentation

•

3 j'aime•4,456 vues

This document discusses the digital forensic tool EnCase Forensic. It provides an overview of EnCase and its features, including that it is a leading forensic tool accepted in courts. The document then outlines a scenario where EnCase will be used to conduct a forensic investigation based on a search warrant. The remainder of the document walks through the key functions and screens of EnCase like adding disk images, searching for evidence, tagging evidence, and reporting while conducting the outlined forensic investigation scenario.

Formation Technologie

EnCase Forensic
Digital Forensic Tool
Damir Delija, Dr.Sc.E.E.
Davorka Foit, mag.ing.inf. et comm.techn.
22. October 2013, LTEC Prague

EnCase Forensic
Leading digital forensics tool
•

www.guidancesoftware.com

Accepted as a standard tool in the
judiciary
A large number of court rulings and
procedures in which EnCase was used
It is not necessary to be a computer
expert to carry out a standard
investigation with EnCase

EnCase Forensic – Digital Forensic Tool

2

Goal
The goal is to provide EnCase Forensic
hands-on in real usage scenario
Scenario:
•

•
•

EnCase Forensic – Digital Forensic Tool

There is a search warrent which defines what has to be
done and how
EnCase Forensic will be used
Evidence is real

3

EnCase – main screen

EnCase Forensic – Digital Forensic Tool

4

Writeblocker enabling

EnCase Forensic – Digital Forensic Tool

5

Disk adding

EnCase Forensic – Digital Forensic Tool

6

Disk view - writeBlocked

EnCase Forensic – Digital Forensic Tool

7

Aquisition – creating disk
image

EnCase Forensic – Digital Forensic Tool

8

Forensic disk image

EnCase Forensic – Digital Forensic Tool

9

EnCase case folder
structure

EnCase Forensic – Digital Forensic Tool

10

Evidence processor –
automatic processing

EnCase Forensic – Digital Forensic Tool

11

Main case screen

EnCase Forensic – Digital Forensic Tool

12

Disk view – Tree table view

EnCase Forensic – Digital Forensic Tool

13

Images – Gallery view

EnCase Forensic – Digital Forensic Tool

14

Evidence processor –
automatic processing

EnCase Forensic – Digital Forensic Tool

15

Images found

EnCase Forensic – Digital Forensic Tool

16

Image tagging – table view

EnCase Forensic – Digital Forensic Tool

17

Tagging of found evidence:
which tag to use

EnCase Forensic – Digital Forensic Tool

18

Timeline view

EnCase Forensic – Digital Forensic Tool

19

Bookmarking of found
evidence

EnCase Forensic – Digital Forensic Tool

20

Preliminary report

EnCase Forensic – Digital Forensic Tool

21

Raw search

EnCase Forensic – Digital Forensic Tool

22

Search – keyword definition

EnCase Forensic – Digital Forensic Tool

23

Search results

EnCase Forensic – Digital Forensic Tool

24

Conditions- metadata
search

EnCase Forensic – Digital Forensic Tool

25

Index search

EnCase Forensic – Digital Forensic Tool

26

Search results consolidated

EnCase Forensic – Digital Forensic Tool

27

Reporting

EnCase Forensic – Digital Forensic Tool

28

Case backup and archive

EnCase Forensic – Digital Forensic Tool

29

Questions

damir.delija@insig2.eu
davorka.foit@insig2.eu

EnCase Forensic – Digital Forensic Tool

30

Contenu connexe

Tendances

computer forensics

Akhil Kumar

Forensic imaging

DINESH KAMBLE

Introduction to filesystems and computer forensics

Mayank Chaudhari

Windows Forensic 101

Digit Oktavianto

Windows registry forensics

Taha İslam YILMAZ

Autopsy Digital forensics tool

Sreekanth Narendran

Computer Forensics

One97 Communications Limited

Digital Forensic ppt

Suchita Rawat

Introduction to computer forensic

Online

Computer forensic ppt

Priya Manik

Reliance on forensic investigation of information systems has become a daily requirement for law enforcement and security practitioners around the world. Effective evidence collection and analysis is the foundation of any investigation; identification of suspects, motives and methods demand the acquisition of the largest amount information that evidence can provide us. Anti-Forensics – Real world identification, analysis and prevention will discuss how criminals, attackers, non-enlightened investigators all have the ability to impact the amount useful information we have at our disposal. Michael will show the audience real world scenarios detailing how Anti-forensics tools are used to hide and destroy incriminating evidence, outlining common anti-forensic techniques. This will be followed by discussion of hands-on identification and prevention practices used to raise awareness around current academic research and identify potential solutions for practitioners and law enforcement organizations.

Anti-Forensics: Real world identification, analysis and prevention

Seccuris Inc.

Computer forensics

deaneal

Network Forensics

primeteacher32

01 Computer Forensics Fundamentals - Notes

Kranthi

Windows 10 Forensics: OS Evidentiary Artefacts

Brent Muir

Computer Forensics

Neilg42

Module 02 ftk imager

ParminderKaurBScHons

Understanding computer investigation

Online

Digital Forensics by William C. Barker (NIST)

AltheimPrivacy

Anti forensic

Milap Oza

Tendances (20)

computer forensics

Forensic imaging

Introduction to filesystems and computer forensics

Windows Forensic 101

Windows registry forensics

Autopsy Digital forensics tool

Computer Forensics

Digital Forensic ppt

Introduction to computer forensic

Computer forensic ppt

Anti-Forensics: Real world identification, analysis and prevention

Computer forensics

Network Forensics

01 Computer Forensics Fundamentals - Notes

Windows 10 Forensics: OS Evidentiary Artefacts

Computer Forensics

Module 02 ftk imager

Understanding computer investigation

Digital Forensics by William C. Barker (NIST)

Anti forensic

Similaire à LTEC 2013 - EnCase v7.08.01 presentation

Usage aspects techniques for enterprise forensics data analytics tools

Damir Delija

Anti-Forensic Rootkits

amiable_indian

Open Source Forensics

CTIN

02 Types of Computer Forensics Technology - Notes

Kranthi

Booklet

Tiago Henriques

intro to forensics

Pardhasaradhi ch

Introduction to Forensics and Steganography by Pardhasaradhi C

n|u - The Open Security Community

Cyber&digital forensics report

yash sawarkar

Codebits 2010

Tiago Henriques

Course Objectives: • Help the student to achieve a broad understanding of the main types of memory forensic data gathering and analysis • Serve as an introduction to low level concepts necessary for a proper understanding of the task of performing memory forensics on Windows, MacOSX and Linux (incl. Android). • Put the student in contact with different memory forensics tools and provide him information on how to use the gathered forensic data to perform a wide range of investigations

2010 2013 sandro suffert memory forensics introdutory work shop - public

Sandro Suffert

computerforensics-140529094816-phpapp01 (1).pdf

Gnanavi2

RSA APJ Velociraptor Lab

Velocidex Enterprises

Digital Forensics

Vikas Jain

(120804) #fitalk field device

INSIGHT FORENSIC

(120804) #fitalk field device

INSIGHT FORENSIC

Best Cyberforensic Tools.pdf

Bytecode Security

Digital forensics

Adriana Backman

(130608) #fitalk ceic 2013 interview

INSIGHT FORENSIC

Enterprise Digital Forensics and Secuiryt with Open Source tools: Automate Au...

Studio Fiorenzi Security & Forensics

Chapter 8: Common Forensic Tools Overview In this chapter, you'll learn more about: · Explore disk imaging tools, forensic software tool sets, and miscellaneous software tools · Understand computer forensic hardware · Assemble your forensic tool kit The first steps in any investigation nearly always involve old-fashioned detective work. As a forensic investigator, you need to observe and record your observations first. Once you start examining media contents, you'll need some tools to help you find and make sense of stored data. Forensic investigators and computer examiners need several different types of tools to identify and acquire computer evidence. Some evidence is hidden from the casual observer and requires specialized tools to find and access. In this chapter, we'll examine a sampling of some common and popular tools available to carry out computer forensic tasks. Disk Imaging and Validation Tools After identifying the physical media that they suspect contains evidence, forensic investigators must make sure media is preserved before any further steps are taken. Preserving the media is necessary to provide assurance the evidence acquired is valid. Chapter 3, "Computer Evidence," and Chapter 4, "Common Tasks," both emphasize the importance of copying all media first and then analyzing the copy. It's usually best to create an exact image of the media and verify that it matches the original before continuing the investigation. It's rare to examine the original evidence for any investigation that might end up in court. For other types of investigations, however, forensic investigators might perform a targeted examination on the original evidence. For example, assume the job is to examine a user's home folder on a server for suspected inappropriate material. It might be impossible or extremely difficult to create a mirror image of the disk drive, but the disk can be scanned for existing or deleted files while it is in use. Although examining media while in use might not always be the best practice, informal investigations use this technique frequently. To Copy or Not to Copy? Whenever possible, create a duplicate of the original evidence, verify the copy, and then examine the copy. Always invest the time and effort to copy original media for any investigation that might end up in a court of law. If you are sure your investigation will not end up in court, you might decide to analyze the original evidence directly. This is possible and desirable in cases where copying media would cause service interruptions. Your choice of tools to use depends on several factors, including: · Operating system(s) supported Operating system(s) in which the tool runs File systems the tool supports · Price · Functionality · Personal preference The following sections list some tools used to create and verify media copies. Some products appear in two places in the chapter. That's because several products play multiple roles. This section lists several products ...

Chapter 8 Common Forensic ToolsOverviewIn this chapter, youl.docx

christinemaritza

Similaire à LTEC 2013 - EnCase v7.08.01 presentation (20)

Usage aspects techniques for enterprise forensics data analytics tools

Anti-Forensic Rootkits

Open Source Forensics

02 Types of Computer Forensics Technology - Notes

Booklet

intro to forensics

Introduction to Forensics and Steganography by Pardhasaradhi C

Cyber&digital forensics report

Codebits 2010

2010 2013 sandro suffert memory forensics introdutory work shop - public

computerforensics-140529094816-phpapp01 (1).pdf

RSA APJ Velociraptor Lab

Digital Forensics

(120804) #fitalk field device

Best Cyberforensic Tools.pdf

Digital forensics

(130608) #fitalk ceic 2013 interview

Enterprise Digital Forensics and Secuiryt with Open Source tools: Automate Au...

Chapter 8 Common Forensic ToolsOverviewIn this chapter, youl.docx

Plus de Damir Delija

6414 preparation and planning of the development of a proficiency test in the...

Damir Delija

6528 opensource intelligence as the new introduction in the graduate cybersec...

Damir Delija

Sažetak - U ovom radu razmatramo načine kontinuiranog uvođenje novih sadržaja u predmete s područja kibernetičke sigurnosti. Kao primjer navodimo „Osnove računalne forenzike“ u koji se novi sadržaji uvode korištenjem studentskih praktičnih i teoretskih radova, ideje za radove predlažu studenti i predavači. Predloženi postupak se sastoji iz testiranja kroz studentski rad, te ugradnje rezultata u nastavne materijale. Da bi se studentski rad uspješno koristio mora zadovoljiti niz zahtjeva: prilagođenost stupnju znanja studenta i raspoloživoj opremi, raspoloživost alata i sustava, jednostavna implementacija i prenosivost, upotreba alata otvorenog koda i slobodnih alata, te minimalna cijena.

Uvođenje novih sadržaja u nastavu digitalne forenzike i kibernetičke sigurnos...

Damir Delija

Remote forensics fsec2016 delija draft

Damir Delija

Ecase direct servlet acess v1

Damir Delija

Cis 2016 moč forenzičikih alata 1.1

Damir Delija

In this presentation we will introduce current state of digital forensics, its positioning in general IT security and relations with data science and data analyses. Many strong links exist among this technical and scientific fields, usually this links are not taken into consideration. For data owners, forensic researchers and investigators this connections and data views presents additional hidden values.

Draft current state of digital forensic and data science

Damir Delija

Why i hate digital forensics - draft

Damir Delija

One of draft versios of "Concepts and Methodology in Mobile Devices Digital Forensics Education and Training", Abstract - This paper presents various issues in digital forensics of mobile devices and how to address these issues in the related education and training process. Mobile devices forensics is a new, very fast developing field which lacks standardization, compatibility, tools, methods and skills. All this drawbacks have impact on the results of forensic process and also have deep influence in training and education process. In this paper real life experience in training is presented, with tools, devices, procedures and organization with purpose to improve process of mobile devices forensics and mobile forensic training and education

Concepts and Methodology in Mobile Devices Digital Forensics Education and Tr...

Damir Delija

Deep Web and Digital Investigations

Damir Delija

Datafoucs 2014 on line digital forensic investigations damir delija 2

Damir Delija

EnCase Enterprise Basic File Collection

Damir Delija

Ocr and EnCase

Damir Delija

Olaf extension td3 inisg2 2

Damir Delija

Moguće tehnike pristupa forenzckim podacima 09.2013

Damir Delija

Cis 2013 digitalna forenzika osvrt

Damir Delija

Ibm aix wlm idea

Damir Delija

Aix workload manager

Damir Delija

2013 obrada digitalnih dokaza

Damir Delija

Tip zlocina digitalni dokazi

Damir Delija

Plus de Damir Delija (20)

6414 preparation and planning of the development of a proficiency test in the...

6528 opensource intelligence as the new introduction in the graduate cybersec...

Uvođenje novih sadržaja u nastavu digitalne forenzike i kibernetičke sigurnos...

Remote forensics fsec2016 delija draft

Ecase direct servlet acess v1

Cis 2016 moč forenzičikih alata 1.1

Draft current state of digital forensic and data science

Why i hate digital forensics - draft

Concepts and Methodology in Mobile Devices Digital Forensics Education and Tr...

Deep Web and Digital Investigations

Datafoucs 2014 on line digital forensic investigations damir delija 2

EnCase Enterprise Basic File Collection

Ocr and EnCase

Olaf extension td3 inisg2 2

Moguće tehnike pristupa forenzckim podacima 09.2013

Cis 2013 digitalna forenzika osvrt

Ibm aix wlm idea

Aix workload manager

2013 obrada digitalnih dokaza

Tip zlocina digitalni dokazi

Dernier

Python Notes for mca i year students osmania university.docx

Ramakrishna Reddy Bijjam

On National Teacher Day, meet the 2024-25 Kenan Fellows

Mebane Rash

Interdisciplinary_Insights_Data_Collection_Methods.pptx

Pooja Bhuva

UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf

Nirmal Dwivedi

SOC 101 Demonstration of Learning Presentation

camerronhm

This PowerPoint helps students to consider the concept of infinity.

christianmathematics

Application orientated numerical on hev.ppt

RamjanShidvankar

Sociology 101 Demonstration of Learning Exhibit

jbellavia9

ICT Role in 21st Century Education & its Challenges.pptx

AreebaZafar22

Food safety_Challenges food safety laboratories_.pdf

Sherif Taha

Micro-Scholarship, What it is, How can it help me.pdf

Poh-Sun Goh

Graduate Outcomes Presentation Slides - English

neillewis46

Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...

Pooja Bhuva

How to Give a Domain for a Field in Odoo 17

Celine George

Mehran University Newsletter Vol-X, Issue-I, 2024

Mehran University of Engineering & Technology, Jamshoro

TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...

Nguyen Thanh Tu Collection

HMCS Max Bernays Pre-Deployment Brief (May 2024).pptx

Esquimalt MFRC

COMMUNICATING NEGATIVE NEWS - APPROACHES .pptx

annathomasp01

How to Manage Global Discount in Odoo 17 POS

Celine George

Google Gemini An AI Revolution in Education.pptx

Dr. Sarita Anand

Dernier (20)

Python Notes for mca i year students osmania university.docx

On National Teacher Day, meet the 2024-25 Kenan Fellows

Interdisciplinary_Insights_Data_Collection_Methods.pptx

UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf

SOC 101 Demonstration of Learning Presentation

This PowerPoint helps students to consider the concept of infinity.

Application orientated numerical on hev.ppt

Sociology 101 Demonstration of Learning Exhibit

ICT Role in 21st Century Education & its Challenges.pptx

Food safety_Challenges food safety laboratories_.pdf

Micro-Scholarship, What it is, How can it help me.pdf

Graduate Outcomes Presentation Slides - English

Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...

How to Give a Domain for a Field in Odoo 17

Mehran University Newsletter Vol-X, Issue-I, 2024

TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...

HMCS Max Bernays Pre-Deployment Brief (May 2024).pptx

COMMUNICATING NEGATIVE NEWS - APPROACHES .pptx

How to Manage Global Discount in Odoo 17 POS

Google Gemini An AI Revolution in Education.pptx

LTEC 2013 - EnCase v7.08.01 presentation

1. EnCase Forensic Digital Forensic Tool Damir Delija, Dr.Sc.E.E. Davorka Foit, mag.ing.inf. et comm.techn. 22. October 2013, LTEC Prague

2. EnCase Forensic Leading digital forensics tool • www.guidancesoftware.com Accepted as a standard tool in the judiciary A large number of court rulings and procedures in which EnCase was used It is not necessary to be a computer expert to carry out a standard investigation with EnCase EnCase Forensic – Digital Forensic Tool 2

3. Goal The goal is to provide EnCase Forensic hands-on in real usage scenario Scenario: • • • EnCase Forensic – Digital Forensic Tool There is a search warrent which defines what has to be done and how EnCase Forensic will be used Evidence is real 3

4. EnCase – main screen EnCase Forensic – Digital Forensic Tool 4

5. Writeblocker enabling EnCase Forensic – Digital Forensic Tool 5

6. Disk adding EnCase Forensic – Digital Forensic Tool 6

7. Disk view - writeBlocked EnCase Forensic – Digital Forensic Tool 7

8. Aquisition – creating disk image EnCase Forensic – Digital Forensic Tool 8

9. Forensic disk image EnCase Forensic – Digital Forensic Tool 9

10. EnCase case folder structure EnCase Forensic – Digital Forensic Tool 10

11. Evidence processor – automatic processing EnCase Forensic – Digital Forensic Tool 11

12. Main case screen EnCase Forensic – Digital Forensic Tool 12

13. Disk view – Tree table view EnCase Forensic – Digital Forensic Tool 13

14. Images – Gallery view EnCase Forensic – Digital Forensic Tool 14

15. Evidence processor – automatic processing EnCase Forensic – Digital Forensic Tool 15

16. Images found EnCase Forensic – Digital Forensic Tool 16

17. Image tagging – table view EnCase Forensic – Digital Forensic Tool 17

18. Tagging of found evidence: which tag to use EnCase Forensic – Digital Forensic Tool 18

19. Timeline view EnCase Forensic – Digital Forensic Tool 19

20. Bookmarking of found evidence EnCase Forensic – Digital Forensic Tool 20

21. Preliminary report EnCase Forensic – Digital Forensic Tool 21

22. Raw search EnCase Forensic – Digital Forensic Tool 22

23. Search – keyword definition EnCase Forensic – Digital Forensic Tool 23

24. Search results EnCase Forensic – Digital Forensic Tool 24

25. Conditions- metadata search EnCase Forensic – Digital Forensic Tool 25

26. Index search EnCase Forensic – Digital Forensic Tool 26

27. Search results consolidated EnCase Forensic – Digital Forensic Tool 27

28. Reporting EnCase Forensic – Digital Forensic Tool 28

29. Case backup and archive EnCase Forensic – Digital Forensic Tool 29

30. Questions damir.delija@insig2.eu davorka.foit@insig2.eu EnCase Forensic – Digital Forensic Tool 30

LTEC 2013 - EnCase v7.08.01 presentation

Recommandé

Recommandé

Contenu connexe

Tendances

Tendances (20)

Similaire à LTEC 2013 - EnCase v7.08.01 presentation

Similaire à LTEC 2013 - EnCase v7.08.01 presentation (20)

Plus de Damir Delija

Plus de Damir Delija (20)

Dernier

Dernier (20)

LTEC 2013 - EnCase v7.08.01 presentation