Microsoft Word EnCase Forensic Version 11 User's Guide doc
Yüklə 2,21 Mb. Pdf görüntüsü
|
- Bu səhifədəki naviqasiya:
- Browse for Folder Dialog
- SAFE Page of the Logon Wizard
- SAFEs
- Edit
- Machine Name
- Inbound Port
160
EnCase Forensic Version 6.11 Userʹs Guide
The Update command updates the Users tree display. When a userʹs private key is added to the default C:/Program Files/EnCase6/Keys folder or any other folder specified by the current root path, the tree does not immediately display the new user. The new user appears when the wizard is opened again, or when the User tree is updated. Use the Change Root Path command to specify a folder that contains the private keys of users other than the default folder. Specify the root path in the Browse for Folder dialog. The Users tree contains only those users in the folder specified as the new root path.
Use this dialog to change the root path in the Users tree and the SAFE tree to specify the path to folders containing keys for users or SAFEs. The default path is C:/Program Files/EnCase6/Keys . The Users tree is based on the private keys contained in the folder defined by the root path. The SAFE tree is based on .SAFE files contained in the folder defined by the root path. Both types of files are in the C:/Program Files/EnCase6/Keys folder. Moving these key files while the trees are displayed requires a refresh to update the trees.
Path displays a tree to navigate to the folder containing the keys.
Case Management 161 The SAFE page of the Logon wizard determines if SAFE is associated with and used by the current user.
a SAFE to complete the logon. SAFEs Root Object provides additional functionality through a right‐click menu such as
editing the settings of the SAFE changing the root directory
logging on to a remote SAFE additional commands that expand or collapse the SAFEs tree SAFE Objects provides additional functionality through a right‐click menu such as
editing the settings of the SAFE changing the root directory
logging on to a remote SAFE SAFE Right-Click Menu The SAFE right‐click menu provides additional functionality.
162
EnCase Forensic Version 6.11 Userʹs Guide
enabled.
C:/Program Files/EnCase6/Keys folder or any other folder specified by the current root path, the tree does not immediately display the new user. The new user appears when the wizard is opened again, or when the User tree is updated. Use the Change Root Path command to specify a folder that contains the private keys of users other than the default folder. Specify the root path in the Browse for Folder dialog. The Users tree contains only those users in the folder specified as the new root path.
Use this dialog to change the root path used in the Users tree and the SAFE tree to specify the path to folders containing keys for users or SAFEs. The default path is C:/Program Files/EnCase6/Keys . The Userʹs tree is based on the private keys contained in the folder defined by the root path. The SAFE tree is based on .SAFE files contained in the folder defined by the root path. Both types of files are found in the C:/Program Files/EnCase6/Keys folder. Moving these key files while the trees are displayed requires a refresh to update the trees.
Path displays a tree to navigate to the folder containing the keys.
Case Management 163
The Edit SAFE dialog contains settings that define connections to the SAFE and enable remote login.
164
EnCase Forensic Version 6.11 Userʹs Guide
SAFEs accessed using the named SAFE.
so the SAFE stands between the client and the node. Enabling this setting allows you to provide a value for Inbound Port and to use its value communicating with the remote SAFE.
the IP address specified in Machine Name. Attempt Direct Connection contains settings that determine what kind of connection is made to the specified SAFE. None should be enabled when the target system cannot establish a connection with an EE client. Then all traffic is redirected through the SAFE server. This can increase communication times; however, it provides the investigator with the ability to obtain data that is otherwise not available. Client to Node (Local) should be enabled when the client (Examiner) and the node (servlet) reside on the same network, and the SAFE resides on a different network. This allows data to transfer directly from the node to the client, after the client successfully authenticates through the SAFE. Also the client will use the IP address that the node believes it has, rather then the IP address the SAFE has for the node. In this configuration, the network should be designed so that all the company’s employees are located on the Corporate Desktop Network, and should employ routing/NATing.
address. Typically, the SAFE and node reside on the same subnet, and the client on another. This allows data to transfer directly from the node to the client, after the client successfully authenticates through the SAFE. The client also uses the IP address that the SAFE believes the node has, rather then the IP address the node reports it has to allow a direct connection between the client and node machine. This option is enabled by default. Node to Client operates similarly to the Client to Node (SAFE) mode, except that the node attempts the direct connection to the client. It is used when you desire direct data transfer between the node and the client, and there is NATing or a firewall prohibiting the node from sending data directly to the local IP/default port of the client. Once you check this option, the Client return address configuration box becomes available to enter the NATed IP address and custom port (e.g., 192.168.4.1:1545). The Client return address box is disabled unless this option is selected.
Yüklə 2,21 Mb. Dostları ilə paylaş:
|