Presentation is loading. Please wait.

Presentation is loading. Please wait.

COS413 Capstone – EnCase Software Review Nathan Perkins.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "COS413 Capstone – EnCase Software Review Nathan Perkins."— Presentation transcript:

1 COS413 Capstone – EnCase Software Review Nathan Perkins

2 Project Description Review EnCase Forensics Software Explain integrated forensics tools Provide screenshots of the EnCase work environment – explain features

3 What is EnCase Computer Forensics Software Considered the Industry Standard for computer forensics Many powerful proprietary tools

4 EnCase Environment Continued >

5

6 Proprietary Tools EnScript – –Mini-programming tools similar to C++ –Mini Programs that can process evidence –Can be programmed to process many small, tedious tasks quickly –EnCase contains a library of 100’s of different EnScripts –CON > Used mostly by experienced programmers.

7 Proprietary Tools Continued Timeline Tool –Outlines dates and times evidence was modified –Easy-to-read graphical interface –Shows number of cluster modified in a specific frame of time.

8 Timeline Tool

9 Other Useful Tools Multi-View evidence window can view evidence as : Text Hexidecimal Picture (gallery view for picture files) Disk (view physical clusters that the evidence occupies) Console (view output of EnScript programs) Filters/Queries (specialized search criteria)

10 Other Useful Tools Uses MD5 hashing for evidence files and saved case files. Ability to generate detailed evidence reports – similar to ProDiscover and FTK BootDisk creation tool – creates bootable floppy disk Drive Wiper – secure erase of storage media.

11 Final Thoughts Tools are very in-depth, but can be more difficult to utilize when compared to entry- level tools such as ProDiscover. The proprietary tools such as the timeline can help create clearer evidence. Encase is a very powerful computer forensics program, complete with all the tools necessary to build a solid case.

12 Outcome I learned about the keyfeatures of the proprietary tools of EnCase I am now able to better gauge the quality of various computer forensics software I was not able to use EnCase to its full extent, as the copy I used was a demonstration copy

13 Lessons Learned Do not underestimate a program of such small file size- EnCase is very powerful. To anyone pursuing a project in this area: –Try to find literature or manuals written by fellow users, as the documentation provided with the program is not thorough.

Download ppt "COS413 Capstone – EnCase Software Review Nathan Perkins."

Similar presentations

Introduction to E-Prime for demonstrators/PG Dips Jonathan Stirk.

Introduction to E-Prime for demonstrators/PG Dips Jonathan Stirk.
1 P RESENTED BY D AVE M AUPIN S ECURITY M ANAGEMENT P ARTNERS W ALTHAM, MA WWW. SMPONE. COM.

1 P RESENTED BY D AVE M AUPIN S ECURITY M ANAGEMENT P ARTNERS W ALTHAM, MA WWW. SMPONE. COM.
Effective Discovery Techniques In Computer Crime Cases.

Effective Discovery Techniques In Computer Crime Cases.
BACS 371 Computer Forensics

BACS 371 Computer Forensics
Guide to Computer Forensics and Investigations Fourth Edition

Guide to Computer Forensics and Investigations Fourth Edition
Guide to Computer Forensics and Investigations Fourth Edition

Guide to Computer Forensics and Investigations Fourth Edition
©M Robinson (All Saints College) Replace this with your full name OCR Unit 1 ICT Skills for Business a1 Instructions (this slide should be deleted before.

©M Robinson (All Saints College) Replace this with your full name OCR Unit 1 ICT Skills for Business a1 Instructions (this slide should be deleted before.
COS/PSA 413 Day 3. Agenda Questions? Blackboard access? Assignment 1 due September 3:35PM –Hands-On Project 1-2 and 2-2 on page 26 of the text Finish.

COS/PSA 413 Day 3. Agenda Questions? Blackboard access? Assignment 1 due September 3:35PM –Hands-On Project 1-2 and 2-2 on page 26 of the text Finish.
Information Networking Security and Assurance Lab National Chung Cheng University F.I.R.E. Forensics & Incident Response Environment.

Information Networking Security and Assurance Lab National Chung Cheng University F.I.R.E. Forensics & Incident Response Environment.
2004, Jei F.I.R.E. Forensics & Incident Response Environment Information Networking Security and Assurance Lab National Chung Cheng University.

2004, Jei F.I.R.E. Forensics & Incident Response Environment Information Networking Security and Assurance Lab National Chung Cheng University.
Systems Software Operating Systems.

Systems Software Operating Systems.
COEN 252 Computer Forensics

COEN 252 Computer Forensics
CYBER FORENSICS PRESENTER: JACO VENTER. CYBER FORENSICS - AGENDA Dealing with electronic evidence – Non or Cyber Experts Forensic Imaging / Forensic Application.

CYBER FORENSICS PRESENTER: JACO VENTER. CYBER FORENSICS - AGENDA Dealing with electronic evidence – Non or Cyber Experts Forensic Imaging / Forensic Application.
CPG 453 Course Outline Previous Text:  Microsoft Office XP – Illustrated Introductory (Enhanced Edition) by Thomson Course Technology (2003)  This.

CPG 453 Course Outline Previous Text:  Microsoft Office XP – Illustrated Introductory (Enhanced Edition) by Thomson Course Technology (2003)  This.
IT GOVERNANCE AND CYBERCRIME Open Source Forensic Tools 19/04/10.

IT GOVERNANCE AND CYBERCRIME Open Source Forensic Tools 19/04/10.
Guide to Computer Forensics and Investigations, Second Edition Chapter 2 Understanding Computer Investigation.

Guide to Computer Forensics and Investigations, Second Edition Chapter 2 Understanding Computer Investigation.
Computer Concepts 7th Edition Parsons/Oja Chapter 3 Computer Software Section A: Software Basics.

Computer Concepts 7th Edition Parsons/Oja Chapter 3 Computer Software Section A: Software Basics.
AS Computing Software definitions.

AS Computing Software definitions.
Avalanche Internet Data Management System. Presentation plan 1. The problem to be solved 2. Description of the software needed 3. The solution 4. Avalanche.

Avalanche Internet Data Management System. Presentation plan 1. The problem to be solved 2. Description of the software needed 3. The solution 4. Avalanche.
Lesson 1 Review Q and A’s.

Lesson 1 Review Q and A’s.

Similar presentations

Ads by Google