
EnCase 101 Blog

10 Posts
6 Users
0 Likes
804 Views
(@larrydaniel)
Posts: 229
Reputable Member
Topic starter
 

I have a blog called EnCase 101 that I have not updated in some time. I am thinking about starting to add new posts now that I have a little more time and as time permits.

The question I have for the forum users is: what topics would you like covered?

As someone who has been using EnCase for over 10 years, it is easy to forget that what is second nature to me and my examiners can be quite puzzling to someone just getting started with the software.

For instance, someone in the Forensic Software forum asked how to filter by file name in EnCase. The answer is simple if you already know it, but EnCase is not the most intuitive software to use if you don't have a lot of experience with it.

So, I am soliciting suggestions for new posts that I can write or pass on to my examiners to write.

You can post topics here, email them to me directly or PM me via these forums.

 
Posted : 03/10/2012 7:02 pm
(@armresl)
Posts: 1011
Noble Member
 

I'm a betting man Larry, I'll take $50 on PMs or email :D

 
Posted : 05/10/2012 1:57 pm
(@0range98)
Posts: 7
Active Member
 

Hi Larry, I'm a newbie and don't mind admitting it.

How about an explanation of recover folders, and file mounting, things like that?

 
Posted : 05/10/2012 4:48 pm
(@larrydaniel)
Posts: 229
Reputable Member
Topic starter
 

Good ideas. Thank you.

 
Posted : 05/10/2012 5:45 pm
(@shaman)
Posts: 10
Active Member
 

Hi Larry, thanks for taking the time!

I mostly use FTK and their Filter system with some Regular Expressions as well. I was wondering if you could do a post in regards to managing EnCase Conditions and GREP?

Thanks and cheers!

Jose

 
Posted : 05/10/2012 11:32 pm
(@creeshie)
Posts: 11
Active Member
 

That would be great Larry. I would +1 the GREP expressions and perhaps the most common steps taken during a theft of IP assessment - USB devices, link files, registry entries etc.

Cheers

 
Posted : 06/10/2012 5:05 pm
(@larrydaniel)
Posts: 229
Reputable Member
Topic starter
 

I have been working on some ideas and should be putting up some posts soon. I am thinking I will do small chunks of information with wide application, rather than trying to show a particular case type.

Some of the posts will seem very basic, but to a new person using EnCase, they should be helpful.

I am also taking a look now at EnCase 7 to see how usable it is with the latest update to 7.05. But the blog will be based on EnCase 6 for some time to come as that is still what I use in my day to day work.

I will keep you posted.

 
Posted : 13/10/2012 10:58 pm
(@jonathan)
Posts: 878
Prominent Member
 

But the blog will be based on EnCase 6 for some time to come as that is still what I use in my day to day work.

You had me until this. Was an EnCase user for years, but now a little rusty as X-Ways Forensics is, by some margin, better in every way. Keen to get back into EnCase as a secondary tool, but I've no interest in a version that hasn't been actively developed for 18 months now.

 
Posted : 14/10/2012 12:20 am
(@larrydaniel)
Posts: 229
Reputable Member
Topic starter
 

The most recent update to EnCase 6 was in August of 2012. Version 6.19.6.

 
Posted : 14/10/2012 2:54 am
(@jonathan)
Posts: 878
Prominent Member
 

The most recent update to EnCase 6 was in August of 2012. Version 6.19.6.

Just four bug fixes. There's been no active development or new features on 6.x since version 7 came out in June 2011. Version 6 can't even deal with the most basic of things such as .emlx email, and recent releases of Chrome and Firefox history, etc, etc. It's a dead duck.

 
Posted : 14/10/2012 9:08 pm