Microsoft Word EnCase Forensic Version 11 User's Guide doc
Yüklə 2,21 Mb. Pdf görüntüsü
|
- Bu səhifədəki naviqasiya:
- Tools Menu
- Webmail Parser
- Logon
- Create Boot Disk
- Whatʹs New
- New, Open, Print, and Refresh
- Print and Refresh.
Navigating the EnCase Interface 77
The Tools menu provides commands to perform analytical operations.
Index Case opens the Index Case dialog, where you include (or exclude) files in the indexing process. You can select a noise file, which is a list of stop words (words that will not be indexed).
whose account files are to be parsed. Case Processor starts the EnScript Case Processor script. You can also start it by opening the Forensic and Enterprise trees in the Filter pane and double‐clicking. The shortcut hot key to start it is Alt+P.
by opening the Forensic and Enterprise trees in the Filter pane and double‐clicking. The shortcut hot key is Alt+S.
which files are searched define keyword searches
perform email searches hash computing, and
other search options 78
EnCase Forensic Version 6.11 Userʹs Guide
Logoff logs you off the enterprise LAN. Wipe Drive opens the Wipe Drive wizard, where you select media you want to completely erase. After using Wipe Drive, you must format the media. Verify Evidence Files opens the Verify Evidence Files browser, where you select files to be verified. Verifying checks the Cyclical Redundancy Check (CRC) values to ensure evidence was not altered.
specify the IP address of the server to be mounted. Options opens the Options dialog, where you define global settings for EnCase, such as
default file locations for a new case fonts to use
highlighting colors seen in the table pane date and time formats Refresh updates the EnCase views based on the content of the folder displayed in the lists or trees. Use this command when you use Windows to add files to the folders of an open case. EnCase is not aware of these changes until you refresh the lists and trees.
The Help menu provides commands that access information and perform tasks associated with using your EnCase ® application. Using the Help menu you can
display the readme help file register your application
find out about your application get information about your license,
learn what modules are installed, and other information.
Navigating the EnCase Interface 79
Register EnCase displays the application registration page, where you can
Find your dongle serial number If connected to the Internet, register your application
If not connected to the internet, find instructions on how to register your application About EnCase tells you which version of EnCase, and which modules, you have installed.
80
EnCase Forensic Version 6.11 Userʹs Guide
The toolbar provides icons for the most frequently used EnCase® program functionality. The toolbar displays on the main window. It contains icons for performing the most frequent tasks in the current application mode or context. When EnCase ® opens in acquisition mode, only the New, Open, Print, and Refresh icons appear in the toolbar. Once a case is opened, the Add Device icon appears. When the application is an enterprise application, the Logon icon appears, and once logged on, the Logoff icon displays. Figure 5 The Main Window Toolbar in Different Modes and Contexts, showing 1) Acquisition mode, and the rest in EnCase Enterprise 2) before logging in and opening a case, 3) after logging in and opening a case, 4) with an acquired device selected from the Entries tree, and 5) with an entry selected from the Entries table.
There is a corresponding menu command for each toolbar icon. When the toolbar is wider than the main window, the toolbar wraps to another line. Some icons are enabled only when they are useful, such as Print and Refresh. The panes and the tabs in the toolbars also provide context‐ dependent icons for functionality, accessed through context‐ dependent, right‐click menus provided in those features.
Yüklə 2,21 Mb. Dostları ilə paylaş:
|