Microsoft Word EnCase Forensic Version 11 User's Guide doc
Yüklə 2,21 Mb. Pdf görüntüsü
|
547
Guidance Software Displaying Tree Entry Information for One Branch • 118 Document Incident • 476 Doing a Crossover Cable Preview or Acquisition • 55
Doing a Drive-to-Drive Acquisition Using LinEn • 51
Doing a Typical Acquisition • 194 Dynamic Disk • 223 E
Edit Bookmark Folder Dialogs • 422 Edit Datamarks Dialog • 421 Edit Folder Dialog • 423 Edit Folder Information/Structure Bookmarks Dialog • 419 Edit Highlighted Data Bookmarks Dialog • 418 Edit Log Record Bookmarks Dialog • 421 Edit Menu • 63 Edit Notable File Bookmarks Dialog • 420 Edit Note Bookmarks Dialog • 419 Edit SAFE Dialog • 162 Edit Snapshot Bookmarks Dialog • 420 Editing a Bookmark • 415, 416 Editing a Filter • 131 Editing a Package • 503 Editing a Signature • 328 Editing Conditions • 141 EFS Files and Logical Evidence (LO1) Files • 393
Email Report • 441 Enabling or Disabling Entries in the Report • 438, 448 Enabling the Forensic Administrator Role on the CREDANT Server • 389 EnCase Evidence Files • 178 EnCase Examiner Support for Microsoft Vista • 19
EnCase® Forensic • 520 Encode Preview • 358 Encrypted Block • 319 Encryption • 520 Encryption Support • 375 EnScript Analysis • 473, 474 EnScript Debugger • 493 EnScript Example Code • 492 EnScript File Mounter • 496 EnScript Help • 498 EnScript Programming Language • 333 EnScript Programs Shortcut Submenu • 510 EnScript Tab • 38 EnScript Types • 334, 498 EnScript® Language • 520 Entering Non-English Content without Using Non-English Keyboard Mapping • 462 Enterprise EnScript Programs • 180, 475 Error Handling • 270 Evidence File • 520 Evidence File Time Zones • 170 Examiner • 520 Exchange Server Synchronization • 299 Exclude File Bookmarks • 431 Exclude Files • 128, 355, 357 Exclude Folder • 432 Excluding Bookmarks • 431 Excluding Search Hits • 127 Expand All • 116 Export Folder • 520 Export Keywords • 345 Export to *.msg • 370 Exporting a Machine Profile from the SafeBoot Server • 380 Exporting a Report • 448 Exporting Conditions • 144 Exporting Filters • 137 Exporting to *.msg • 370 Extracting Email • 366
FastBloc® • 521 FAT, HFS and CDFS Time Zone Specifics • 172 File Allocation Table (FAT) • 521 File Group Bookmarks • 397 File Hashing • 335 File Menu • 62 File Mounter • 488 File Selection Page of the Copy/UnErase Wizard • 277
File Signature • 521 File Signatures • 324 File Signatures with Suffixes • 325 File Slack • 521 File Viewer Features • 288 File Viewers • 288 Filter Pane • 521 Filter Pane Menu • 76 Filtering Effects in Table Pane • 94 Filters • 129 Filters Pane • 93 Filters Pane Menu • 105 Find • 148 Fitting Columns to Data • 125 548
EnCase Forensic Version 6.11 Userʹs Guide Guidance Software
Folder Information/Structure Bookmarks • 397 Font • 521 Fonts Tab of the Options Dialog • 36 Forensic EnScript Code • 484
Gallery Tab • 146, 314 General Time Zone Notes • 172 Generating an Index • 362 Generating Reports on the Database • 262 Getting Ready to Acquire the Content of a Device • 180 Global Tab • 33 Globally Unique Identifier (GUID) • 521 Glossary of Terms • 517 Goto • 148 GREP • 521 GUID • 521 Guidance Software • 527 H
Hardware Disk Configuration • 224 Hash • 522 Hash a New Case • 335 Hash Analysis • 334 Hash Sets • 336, 522 Hashing • 236 Hashing the Subject Drive Once Previewed or Acquired • 237 Hashing the Subject Drive Using LinEn • 57, 236 Help for EnScript Modules • 495 Help Menu • 78 Hexadecimal • 522 Hiding Columns • 124 Highlighted Data Bookmarks • 396 Host Protected Area (HPA) • 522
If the Restored Disk Does Not Boot • 255 Import Keywords • 345 Importing Conditions • 143 Importing Filters • 137 Include EnScript • 497 Included Enscript Components • 333 Increasing the Number of Images Per Row • 316 Index • 522 Index Case • 490 Indexing • 152, 360 Indexing a Case • 152 Individual Panes • 88 Initializing the Database • 256 Installed Files • 25 Installing EnCase Forensic • 21 Installing Security Keys • 29 Installing the Examiner • 23 Integers • 402 Internet History Searching • 350 Internet Protocol Address (IP) • 522 Internet Report • 442 Internet Searching • 351 Introduction • 15, 45 K
Keyword • 522 Keyword Searches • 339 Keyword Tester • 343 L
Leaving Console Mode • 218 LEF EFS Encryption Enhancement • 17 Legal Notification • 527 LinEn Set Up Under Red Hat • 48 LinEn Set Up Under SUSE • 48 LinEn Utility • 522 Live Device and FastBloc Indicators • 181 Local Keywords • 345 Locally Encrypted NSF Parsing Results • 321 Log Record Bookmarks • 398 Logical Evidence File • 523 Logical Evidence Files • 178, 238 Logical Restore • 254 Logon Wizard • 157 Logon Wizard Users Page • 158 Lotus Notes Local Database Encryption • 18 Lotus Notes Local Encryption Support • 317 M
Machine Survey Servlet Deploy • 478 Maintaining the Database • 257 Malware • 523 Manually Create App Descriptor • 373 Minimum Requirements • 22 Mode Selection • 54 Modifying Case Related Settings • 167 Modifying the Table Pane • 122 Modifying the View Pane • 148 Mount, Mounting • 523 Mounting Compound Files • 490 549
Guidance Software Moving a Table Entry into a Folder Using the Right-Click Drag Method • 425, 427 Moving a Table Entry or Folder into a Folder Using the Drag Method • 428
Navigating the EnCase Interface • 59 Navigating the Tree Pane • 115 Network Tree • 523 New Case Wizard • 164 New Features • 17 New File Viewer Dialog • 289 New Package Dialog • 499 New Technology File System (NTFS) • 523 New Text Styles Dialog • 456 New Text Styles Dialog Attributes Tab • 456 New Text Styles Dialog Code Page Tab • 458 Node • 523 Non-English Language Features • 453 Notable File Bookmarks • 397, 523 Notes Bookmarks • 397 NSF Encryption Support • 376 NTFS • 523 NTFS Compressed Files • 314
Obtaining a Linux Distribution • 48 Obtaining Updates • 30 Open a Case • 173 Opening and Closing Folders with Expand/Contract • 116 Opening the Acquisition Wizard • 203 Options • 514 Options Page • 200 Options Page of the Copy/UnErase Wizard • 279 Organizing Bookmarks • 425 Overview • 177 Overview of Case Structure • 151
Package Features • 498 Package Panel • 499 Packages • 498 Pane • 523 Pane Features • 86 Pane Tab Bar and Pane Tab Bar Menu • 87 Panes • 82 Panes and their Specific Tabs • 98 Panes as Separate Windows • 84 Panes in the Analysis Cycle • 83 Parsing a Locally Encrypted Mailbox • 318 Performing a Crossover Cable Preview or Acquisition • 219 Performing a Drive-to-Drive Acquisition Using LinEn • 213 Performing a Search • 352, 366 Performing a Signature Analysis • 329 Performing Acquisitions with LinEn • 49 Physical Disk Emulator (PDE) • 523 Physical Restore • 251 Physical vs. Logical Restoration • 250 Picture • 401 Port • 523 Preparing the Target Media • 250 Preview Devices Page of the Add Device Wizard • 189 Previewing • 181 Previewing the Content of a Device • 182 Professional Services • 535 Prompt for Value • 270 Properties Panel • 500 Q
Queries • 145 Querying an Index Using a Condition • 361 Querying the Index for Non-English Content • 468 Quick Entry Report • 446 Quick Snapshot • 481 R
RAID-10 • 226 Raw Image Files • 179 Reacquiring an Evidence File • 229 Reacquiring Evidence • 229 Rebuild a Hash Library • 338 Recover Folders on FAT Volumes • 244 Recovering a Database • 301 Recovering Folders • 243 Recovering Folders from a Formatted Drive • 246 Recovering NSF Passwords • 377 Recovering NTFS Folders • 244 Recovering Partitions • 246 Recovering UFS and EXT2/3 Partitions • 246 Reducing the Number of Images Per Row • 316 Redundant Array of Independent Disks (RAID) • 524
Reference Manuals and Release Notes • 528 Regular Expression • 524 550
EnCase Forensic Version 6.11 Userʹs Guide Guidance Software
Reinstalling the Examiner • 28 Remote Acquisition • 231 Remote Acquisition Monitor • 233, 481 Repairing a Database • 302 Report Multiple Files • 439 Report Single Files • 438 Reporting • 437 Resetting Columns • 125 Restoring Evidence • 250 Role Page of the New Case Wizard • 165 Root • 524 Running a 32-bit Application on a 64-bit Platform • 43 Running a Filter • 132 Running a Package • 504 Running Conditions • 142 Running WinEn • 267 S
S/MIME Encryption Support • 389 SAFE Page of the Logon Wizard • 160 SAFE Right-Click Menu • 160 SafeBoot Encryption Support (Disk Encryption) • 381
SafeBoot Setup • 379, 380 Saving a Case • 174 Saving a Case and the Global Application Files • 174
Saving a Case With a New Name or New Location • 174 Scan Local Machine • 490 Search Hits Report • 444 Search Options • 352 Search Page • 197 Searching Email • 366, 368 Searching Entries for Email and Internet Artifacts • 347 Searching for Email • 364, 366 Searching Selected Items • 368 Sector • 524 Secure Authentication For EnCase (SAFE) • 524 Security Key • 524 Selecting Tree Entries for Operations • 120 Send to HBGary Responder EnScript • 19 Send To HBGary Responder EnScript • 504 Servlet • 524 Sessions Sources Page of the Add Device Wizard • 185 Setting a Lock on Columns • 126 Setting Time Zone Options for Evidence Files • 171 Setting Time Zones Settings for Case Files • 170 Setting Up the Storage Machine • 234 Setup for a Drive-to-Drive Acquisition • 50 Sharing Configuration Files • 40 Show Deleted Files • 358 Show Excluded • 434 Show Excluded Files • 356 Showing Columns • 123 Signature • 524 Signature Analysis • 146, 314, 324 Signature Analysis Legend • 332 Single Files • 179 Slack • 524 Snapshot • 524 Snapshot Bookmarks • 398 Snapshot Differential Report • 482 Snapshot to DB Module Set • 18, 255 Software RAID • 221 Sorting a Table • 92 Sources Page • 240 Sources Page of the Add Device Wizard • 183 Specifying and Running an Acquisition • 204 Specifying Database Content • 261 Spyware • 524 Status Line • 96 Steganography • 525 Storage Paths Tab • 39 Styles • 403 Subject • 525 Support • 528 Supported Encryption Algorithms • 387 Supported File Systems and Operating Systems • 179
Supported SafeBoot Encryption Algorithms • 384
Swap File • 525 Sweep Enterprise • 483 System Menu • 61
Tab Right-Click Menu • 88 Table Pane • 91, 525 Table Pane Menu • 72 Table Pane Tabs • 99 Table Tab Columns • 102, 123 Technical Support • 529 Temp Folder • 525 Testing a Non-English Keyword • 467
551
Guidance Software Testing an EDB File • 301 Text • 401 Text Styles • 455 The Console Tab • 114 The Details Tab • 114 The Doc Tab • 111 The EnCase Installer • 21 The Filter Pane and its Tab Bar and View Menu • 75
The Hex Tab • 110 The Main Window • 60 The Options Dialog • 154, 514 The Options Dialog Font Tab • 454 The Output Tab • 115 The Outputs Page of the Create Logical Evidence File • 241 The Picture Tab • 112 The Report Tab • 113 The Table Pane and its Tab Bar and View Menu • 71 The Text Tab • 109 The Transcript Tab • 112 The Tree Pane and its Tab and Sub-Tab Menus • 70 The View Pane and its Tab Bar and View Menu • 73 Time Zone Example • 173 Time Zone Settings • 168 Timeline Tab • 147 Toolbar • 80, 508 Tools Menu • 77, 509 Training • 534 Tree Pane • 89, 525 Tree Pane Tabs • 99 Troubleshooting Security Keys • 29 Turning Filters Off • 136 Turning On Encode Preview • 358 Types of Acquisitions • 193 Types of Entries • 178 U
Unicode • 525 Unicode Fonts • 455 Uninstalling the Examiner • 26 Updating the Database • 258 Users Right-Click Menu • 158 Using a Case • 167 Using a Folder to Organize a Bookmarks Report • 415, 424, 425 Using a Package • 502 Using a Write Blocker • 210 Using Bookmarks • 415 Using EnCase Tools • 507 Using LinEn • 45 Using Snapshots • 180 Using the Dixon Box • 121 Using the Snapshot DB Reports Dialog • 264
Validating Parity on a RAID-5 • 226 Verifying Evidence Files • 513 View Menu • 66 View Pane • 96, 292, 525 View Pane Menu • 74 View Pane Tabs • 106 Viewer File Type Dialog • 289 Viewing a Bookmark on the Table Report Tab • 415, 428, 429 Viewing a Bookmark Report • 440 Viewing Attachments • 367, 368 Viewing Base64 and UUE Encoded Files • 312 Viewing Compound Files • 293 Viewing Compressed Files • 298 Viewing Fewer Columns • 146 Viewing Fewer Rows • 147 Viewing File Content • 273 Viewing File Structure • 293 Viewing Files • 274 Viewing Hash Search Results • 338 Viewing Lotus Notes Files • 299 Viewing Macintosh .pax Files • 307 Viewing More Columns • 146 Viewing More Rows • 147 Viewing MS Exchange Files • 299 Viewing MS Outlook Email • 306 Viewing Non-Unicode Files • 471 Viewing Office 2007 Documents • 310 Viewing OLE Files • 297 Viewing Outlook Express Email • 303 Viewing Record Search Hits • 354 Viewing Registry Files • 295 Viewing Search Hits • 355 Viewing Signature Analysis Results (Part 1) • 330
Viewing Signature Analysis Results (Part 2) • 331
Viewing the File Signature Directory • 325 Viewing the License for LinEn • 46 Viewing Unicode Files • 470 Viewing Windows Thumbs.db • 309 Virtual File System (VFS) • 525 Virtual Machine • 526 552
EnCase Forensic Version 6.11 Userʹs Guide Guidance Software
Vista Examiner Support • 40 VMWare • 526 W
Web Mail Parser • 365 Webmail Parser • 491 When to use a Crossover Cable • 219 Windows • 403 Windows NT - Software Disk Configurations • 222 Windows-based Acquisitions with a non- FastBloc Write Blocker • 213 Windows-based Acquisitions with FastBloc Write Blockers • 211 WinEn • 18, 266 Wipe Drive • 510 Working with Evidence • 177 Working with Non-English Languages • 403, 451, 452 Write Blocker • 526 Yüklə 2,21 Mb. Dostları ilə paylaş:
|