Microsoft Word EnCase Forensic Version 11 User's Guide doc
Yüklə 2,21 Mb. Pdf görüntüsü
|
- Bu səhifədəki naviqasiya:
- Snapshot to DB Module Set
- Lotus Notes Local Database Encryption
- Send to HBGary Responder EnScript
- Installing the Examiner
- Reboot Later or Reboot Now
- Certs Folder
- Forensic EnScript Component Folder
New Features 19
This script takes snapshots of nodes across a network and stores the snapshots in a SQL database. It also reads from the database to create reports on the snapshots taken. It allows for minimal maintenance on the database so that you can control the amount of data stored. Three EnScripts work with the database to perform their tasks:
Initialize Database.EnScript Snapshot to DB.EnScript
Snapshot DB Reports.EnScript Lotus Notes Local Database Encryption EnCase can now decrypt a local Lotus Notes user mailbox (NSF file suffix). The local mailbox is a replica of the corresponding encrypted mailbox on the Domino server.
EnCase Examiner now supports the Windows Vista operating system. EnCase must run as an administrator to access the local Vista computer.
EnCase now includes a servlet for the 64‐bit versions of Windows XP, 2003, and Vista operating systems. If not installed as a service, you must Run as Administrator.
20
EnCase Forensic Version 6.11 Userʹs Guide
This EnScript passes a memory object gathered by EnCase to HBGaryʹs Responder software. EnScript drops the physical evidence device information, byte for byte, into a flat file and sends it to Responder.
The EnCase Installer 21 Installing Security Keys 29
29 Obtaining Updates 30
Configuring Your EnCase Application 30
Vista Examiner Support 40
43
CHAPTER 3 Installing EnCase Forensic
22
EnCase Forensic Version 6.11 Userʹs Guide
The EnCase installer copies the program and its drivers to the end userʹs computer or client and initializes drivers and services with the operating system. The investigator can select where to install the EnCase Examiner. The default is the Program Files folder. If a selected directory exists, the installer overwrites any existing program files, logs, and drivers.
Minimum Requirements For best performance, examination computers should be configured with at least the following hardware and software:
An EnCase security key (also known as a dongle) Certificates for all purchased modules (known as certs)
A current version of EnCase Examiner Pentium IV 1.4 GHz or faster processor
One GB of RAM Windows 2000, XP Professional, or 2003 Server
55 MB of free hard drive space The program also supports the 64‐bit version of Windows. Note: Intel Itanium processors are not supported.
Note: FastBloc SE supports only the USB interface with the 64-bit version.
Installing EnCase Forensic 23
If you are using Local Processing, install the program by inserting the CD into a player and waiting for autostart. Do this for each client. If are using Terminal Services, install the program using the Add/Remove programs wizard on the application server. Once installation begins, a wizard displays:
Note:
C:\Program Files\EnCase6 is the install path default. 1.
2.
Read and agree with the EnCase License Agreement and click Next. 3.
Click Next 24
EnCase Forensic Version 6.11 Userʹs Guide
4.
Select Reboot Later or Reboot Now and click Finish.
Installing EnCase Forensic 25
During installation, the program copies itself and a collection of associated files to the target directory. The installer places a startup icon on the desktop. In addition, a number of folders and files are installed in the target folder during installation. Certs Folder
EnCase.pcert Config Folder
AppDescriptors.ini FileSignatures.ini
FileTypes.ini Filters.ini
Keywords.ini Profiles.ini
TextStyles.ini Storage Folder
CaseReport.ini Compromise Assessment Module.ini
DifferentialReport.ini SweepEnterpriseWEbReport.ini Forensic EnScript Component Folder
Case Processor.EnScript File Mounter.EnScript
Index Case.EnScript Scan Local Machine.EnScript
Webmail Parser.EnScript Yüklə 2,21 Mb. Dostları ilə paylaş:
|