Microsoft Word EnCase Forensic Version 11 User's Guide doc
Yüklə 2,21 Mb. Pdf görüntüsü
|
- Bu səhifədəki naviqasiya:
- Sharing Configuration Files
- To share startup files
- An unidentified program wants access to your computer
- Disabling Microsoft Windows Vista User Account Control
- Turn User Account Control (UAC) on or off
- Account Control (UAC) to help protect your computer
- Restart Now or Restart Later
Installing EnCase Forensic 39
The storage paths tab captures paths used for several files used by the EnCase ® application. The picture shows storage path default settings. You can change the index, cache, and backup folders by entering a new path or by navigating to and selecting the desired folder. In the .ini files box, you can change an .ini folderʹs location and select whether it is writable.
40
EnCase Forensic Version 6.11 Userʹs Guide
Customization can be shared among investigators assigned to an investigation. Each of these INI files is populated by customizations the investigator makes while searching for evidence. The keyword and file signature files may be of particular interest. These case elements are distributed by sharing .INI files. The application must be installed on the recipient machines.
1.
Click Tools > Options > Storage Path. The Storage Path tab of the Options dialog displays. 2.
The Edit <.ini file name> dialog opens containing the path to the ini file. 3.
To navigate to the .INI file, copy the path to the .INI file and paste it into Windows Explorer. 4.
Vista Examiner Support EnCase must run as an administrator in order to access the local Vista computer. 1.
2.
Vista displays a prompt with the heading An unidentified program wants access to your computer:
Installing EnCase Forensic 41
3. Click Allow. Vista does not allow drag and drop between applications with different security levels. You must disable the User Account Control (UAC) to drag files to EnCase from the Windows shell. For details, see Disabling Microsoft Windows Vista User Account Control (on page 41).
Disabling Microsoft Windows Vista User Account Control You can use the User Account Control (UAC) security feature in Microsoft Windows Vista to perform common tasks as a non‐administrator (called standard user) and as an administrator without having to switch users, log off, or use Run As. In prior versions of Windows, the majority of user accounts were configured as members of the local administratorʹs group because administrator privileges are required to install, update, and run many software applications without conflicts and to perform typical system‐level tasks. With UAC enabled, you can run most applications, components, and processes with a limited privilege, but have elevation potential for specific administrative tasks and application functions. To disable UAC, you must be logged on with a credential that is a member of the local administrator group. 1.
42
EnCase Forensic Version 6.11 Userʹs Guide
2. In the Control Panel Home window, enter UAC in the search field. The User Accounts option automatically displays under the search field.
3. In the Control Panel Home window, select Turn User Account Control (UAC) on or off.
4.
The User Account Control message displays, prompting you to continue or cancel.
5. Click Continue. 6.
Account Control (UAC) to help protect your computer, then click OK.
Installing EnCase Forensic 43
7. A message displays prompting you to restart your computer to apply these changes. Click Restart Now or Restart Later to close the User Accounts Task window.
Running a 32-bit Application on a 64-bit Platform There are limitations in running a 32‐bit application (for example, EnCase, SAFE, or Servlet) on a 64‐bit platform. You will only get basic snapshot information such as ports or processes. For full results, you must run the application on the correct platform.
Introduction 45
Viewing the License for LinEn 46
Configuring Your Linux Distribution 48
Performing Acquisitions with LinEn 50 Hashing the Subject Drive Using LinEn 58
CHAPTER 4 Using LinEn Yüklə 2,21 Mb. Dostları ilə paylaş:
|