Microsoft Word EnCase Forensic Version 11 User's Guide doc
Yüklə 2,21 Mb. Pdf görüntüsü
|
- Bu səhifədəki naviqasiya:
- The Console Tab
- The Output Tab
- Opening and Closing Folders with Expand/Contract
- Expand All
108
EnCase Forensic Version 6.11 Userʹs Guide
View pane context, where 1) the Table pane contains a table where only one entry can be 2) highlighted for further exploration in 3) a tab in the View pane. 4) Checking table entries does not drive the content displayed in the tab displayed in the View pane. The representation of the highlighted content is made when you 5) select the desired View pane tab. 6) The Hex tab contains a representation consisting of an address, the numeric byte values, and the text representation of those numeric byte values.
Navigating the EnCase Interface 109
The Text tab shows the highlighted file as ASCII text.
110
EnCase Forensic Version 6.11 Userʹs Guide
The Hex tab shows a split view of a file with hexadecimal values on the left and ASCII on the right.
Navigating the EnCase Interface 111
The Doc tab of the View pane uses Oracle Outside In technology to display text in its native format.
This viewer technology provides application software developers with high‐fidelity document viewing without having to use native applications for more than 390 file formats on Windows platforms.
112
EnCase Forensic Version 6.11 Userʹs Guide
The Transcript tab uses Oracle Outside In technology to extract text from a file containing more than text. The Transcript tab displays plain text content pulled from its non‐plain text native format. This makes it especially attractive for creating sweeping bookmarks inside files that are not normally stored as plain text, such as Excel spreadsheets.
The Picture Tab The Picture tab of the View pane displays the contents of an image file.
Navigating the EnCase Interface 113
The Report tab displays a detailed list of file attributes in the View pane.
114
EnCase Forensic Version 6.11 Userʹs Guide
Use the Console tab to view output status messages when running EnScript ® programs.
The Details tab provides file extent information. To view file extents 1.
2.
Scroll to the file extents column in the Table pane and click File Extents in some row. 3.
Click the Details tab in the Reports pane to view the file extents. The figure below shows the first eight file extents from a piece of evidence.
Navigating the EnCase Interface 115
Use the Output tab to obtain output from various EnScript ® programs.
The Tree pane presents a structured view of all gathered evidence in a Windows‐like folder hierarchy. Use the structured view when exploring Entries, Bookmarks, Search Hits, Keywords, and other views of evidence. You can add folders to the structure to suit your working requirements. Note that some folders have a plus sign (+) next to them. Clicking the plus sign opens the folder and displays its contents.
116
EnCase Forensic Version 6.11 Userʹs Guide
In the figure above, the Documents and Settings folder is expanded to show the five folders it contains. Note that the symbol next to the open folder is a ‐ sign, indicating the folder is expanded.
Use the Edit menu or right‐click in the Tree pane to use Expand/Contract to open or close the hierarchy at the point of the highlighted item. To open and close all folders displayed in the Tree pane, do one of the following:
Right‐click the folder and choose Expand/Contract from the right‐click menu. Click the Expand/Contract icon (+ or ‐).
With the folder highlighted, press the space bar.
You can expand all nested folders beneath the highlighted folder with one menu click. If the entire Tree pane hierarchy is closed, or if one or more folders are open, the entire tree can be expanded to display all of the contents.
Navigating the EnCase Interface 117
Use the right‐click Expand All command to show all of the hierarchy. Start at the Entries root to open all available folders.
Contract All You can close an entire tree with one menu click. If one or more folders is expanded beneath the highlighted item, the entire tree is contracted. Contract the entire table by opening the Edit Menu, then click Contract All.
The hierarchical tree contracts and displays the highlighted item only.
Yüklə 2,21 Mb. Dostları ilə paylaş:
|