CHFI v3 Module 14 Forensics Investigations Using Encase.pdf

(1366 KB) Pobierz

Computer Hacking

Forensics Investigator

Module XIV

Forensics Investigations

Using Encase

Module Objective

This module will familiarize you with the following:

•

EC-Council

Evidence files

Verifying file integrity

Hashing

Configuring EnCase

Searching

Bookmarks

Viewing recovered files

Master Boot Record

NTFS starting point

Hash values

Signature analysis

Email recovery

EC-Council

Module Flow

Evidence File

Viewing recovered files

Verifying file integrity

Master Boot Record

Hashing

NTFS starting point

Configuring EnCase

Hash values

Searching

Signature analysis

Bookmarks

B k

Email recovery

reco er

EC-Council

Evidence File

Evidence file is the core component in EnCase.

It consists of:

•

Header

•

Checksum

•

Data blocks

EC-Council

Evidence File Format

Each evidence file is an exact, sector-by-sector

copy of a fl

f floppy or h d di k

hard disk.

Every byte of the file is verified using 32-bit

CRC,

CRC and it is virtually impossible to tamper

with the evidence once it has been acquired.

EnCase compresses large disks into a small size

size,

reducing up to 50% in size.

EC-Council

Plik z chomika:

qfx

Inne pliki z tego folderu:

CHFI v3 Module 02 Law and Computer Forensics.pdf (2867 KB)
CHFI v3 Module 03 Computer Investigation Process.pdf (3529 KB)
CHFI v3 Module 04 First Responder Procedures.pdf (2317 KB)
CHFI v3 Module 05 CSIRT.pdf (2815 KB)
CHFI v3 Module 01 Computer Forensics in Todays World.pdf (1418 KB)

CHFI v3 Module 14 Forensics Investigations Using Encase.pdf

Plik z chomika:

Inne pliki z tego folderu:

Inne foldery tego chomika: