Microsoft Word EnCase Forensic Version 11 User's Guide doc
Yüklə 2,21 Mb. Pdf görüntüsü
|
- Bu səhifədəki naviqasiya:
- define
- Send To HBGary Responder EnScript
- Tools →Send To Responder
- Toolbar
- Print and Refresh.
- Save
- EnScript Programs Shortcut Submenu
- Wipe Drive Warning!
- To wipe a drive
- Next.
EnScript Analysis 511
6. If you want to control the feature set used via this license, in #define, enter the #defined names associated with the feature set. 7.
Click OK, and then click OK again in the status message box.
Create and build a package. A license may be associated with the package as well.
1.
Copy the created license file to C:\Program Files\EnCase6\Licenses.
2.
Do one of the following:
Change root folder of your EnScript folder to reflect the location of the package created.
Copy the created package to a folder in your current EnScript root folder, normally C:\Program Files\EnCase6\EnScript.
3.
If a license is associated with the package, ensure that the installed security key matches the key(s) entered when creating the license. The EnScript program is now ready to run. 4.
In the EnScript tree in the EnScript panel of the Filter pane, double‐click the package to run it.
Send To HBGary Responder EnScript This EnScript passes a memory object gathered by EnCase to HB Garyʹs Responder software. 1.
512
EnCase Forensic Version 6.11 Userʹs Guide
2. Click Tools→Send To Responder:
3.
EnScript drops the physical evidence device information, byte for byte, into a flat file and sends it to Responder. Here is an example of the file viewed in Windows Explorer:
EnScript Analysis 513
If you specify a device or file other than a physical memory drive, an error message displays: HBGary Responder does not support analyzing Windows Vista memory dump.
516
EnCase Forensic Version 6.11 Userʹs Guide
The toolbar contains icons for the most frequently used EnCase® functions. When you open EnCase ® in acquisition mode, only the New, Open, Print, and Refresh icons display in the toolbar. When you open a case, the Add Device icon displays. There is a corresponding menu command for each toolbar icon. When the toolbar is wider than the main window, the toolbar wraps to another line. Some of the icons are enabled only when they are useful, such as Print and Refresh. The panes and the tabs in the toolbars also display context‐dependent icons, accessed from right‐ click menus. New opens the Case Options wizard for defining a new case. Open displays a dialog for opening an existing case. Print opens the Print dialog. Refresh updates a list or table to reflect changes in the file system. Save opens the Save dialog. Add Device opens the Add Device wizard. Search opens the Search dialog, so you can search evidence associated with the case. Other icons display depending on their context. There is always a corresponding menu command.
Using EnCase Tools 517
The Tools menu, at the top of the display contains commands for various utility programs.
518
EnCase Forensic Version 6.11 Userʹs Guide
The shortcut submenu contains shortcuts to EnScript programs that are designated in the Tools Menu Plugin. The Tools Menu program is in the EnScript panel of the Filter pane. You can modify it to include additional shortcuts from the tools menu. The EnScript Program Shortcuts and the EnScript Program that Provide the Related Command Functionality
Warning!
This procedure completely erases media and overwrites its contents with a hexadecimal character. Invoke Wipe Drive with extreme care. Note: Execute the Wipe Drive utility to remove all traces of any evidence files from a storage drive. To wipe a drive: 1.
Click the Wipe Drive option on the Tools menu. The drive selector displays.
Using EnCase Tools 519
2.
Make initial selections and click Next. The Choose Devices screen displays.
Choose the device targeted for erasure and click Next. Yüklə 2,21 Mb. Dostları ilə paylaş:
|