Microsoft Word EnCase Forensic Version 11 User's Guide doc
Yüklə 2,21 Mb. Pdf görüntüsü
|
- Bu səhifədəki naviqasiya:
- Verify wiped sectors
- Finish. The Drives dialog opens: 5. Enter ʺYesʺ in the Continue box and click OK.
- Verifying Evidence Files
- Tools > Verify Evidence Files
- Creating a LinEn Boot Disc
- Options
- Glossary of Terms A ASCII
- Burn The process of recording data to an optical disc, such as a CD or DVD. C Case File
- Cluster
520
EnCase Forensic Version 6.11 Userʹs Guide
An options dialog displays. The Verify wiped sectors box is checked by default and the Wipe character is hex 00. If the box is checked, the Wipe Drive program reads each sector and verifies that the wipe character is written throughout. You can enter any hex value in the Wipe character field.
4.
Click Finish. The Drives dialog opens:
5.
Enter ʺYesʺ in the Continue box and click OK.
Using EnCase Tools 521
The drive is completely erased and overwritten with the specified hex string. Wipe Drive displays information about the disk and the operation.
You must reformat this drive in order to use it again. Verifying Evidence Files Verify Evidence Files checks CRC values of selected files. It is a way to ensure that evidence is not tampered with. Verified CRC information is written out to a log file. If a CRC verfication fails, a notification appears and you can log the error to the console, bookmark tab, or log file. Acquire the evidence files. 1.
Click Tools > Verify Evidence Files. The Verify Evidence Files file browser appears.
Select one or more evidence files and click Open. 522
EnCase Forensic Version 6.11 Userʹs Guide
When files are verified, a status report appears.
You have a copy of a Linux distribution. See Creating a LinEn Boot Disc (on page 47) for more information.
Using EnCase Tools 523
Use the Options dialog to customize the software. See the chapter The Options Dialog (on page 155) for complete information on this topic. 1.
The Options dialog opens.
2. Click on a tab to make changes to settings. 3.
527 Glossary of Terms A ASCII ASCII ( American Standard Code for Information Interchange) is a character encoding based on the English alphabet. ASCII codes represent text in computers, communications equipment, and other devices that work with text. Most modern character codes have a historical basis in ASCII. ASCII was first published as a standard in 1967 and was last updated in 1986. It currently defines codes for 33 non‐ printing, mostly obsolete control characters that affect how text is processed, plus 95 printable characters.
Bookmarks let you annotate evidence and analytical artifacts. Files, folders, address ranges within files, collections of files or data, and even bookmarks themselves can be book marked.
The process of recording data to an optical disc, such as a CD or DVD.
A text file containing information specific to one case. The file includes pointers to one or more evidence files, devices, bookmarks, search results, sorts, hash analysis results, and signature analysis.
A form of redundancy check for protecting the integrity of data by detecting errors. It works by adding the basic components of a message (typically the asserted bits) and storing the resulting value. Later, anyone can perform the same operation on the data, compare the result to the authentic checksum, and, if the sums match, conclude that the data was not corrupted. A major drawback to checksum is that 1234 generates the same check as 4321.
A cluster is the smallest amount of disk space that can be allocated to hold a file.
A code page interprets a series of bits as a character.
A file containing other file types within it. For example, a Microsoft Word file can contain text, graphics, and spreadsheet files.
The application of scientific method to digital media to establish factual information for judicial review. This process often involves investigating computer systems to determine whether they were used for illegal or unauthorized activities.
The communications between the servlet and the client occur across a connection. This connection may involve communicating through the SAFE.
Yüklə 2,21 Mb. Dostları ilə paylaş:
|