Microsoft Word EnCase Forensic Version 11 User's Guide doc
Yüklə 2,21 Mb. Pdf görüntüsü
|
- Bu səhifədəki naviqasiya:
- CHAPTER 7 Working with Evidence 179
v
Contents CHAPTER 7 Working with Evidence 179
Overview...................................................................................................................................................... 180 Types of Entries ..................................................................................................................................... 180
EnCase Evidence Files .......................................................................................................................... 180 Logical Evidence Files .......................................................................................................................... 181
Raw Image Files..................................................................................................................................... 181 Single Files.............................................................................................................................................. 181
Supported File Systems and Operating Systems.................................................................................... 182 Using Snapshots.......................................................................................................................................... 182
Getting Ready to Acquire the Content of a Device ................................................................................ 183 Previewing ............................................................................................................................................. 183
Live Device and FastBloc Indicators................................................................................................... 184 Previewing the Content of a Device ................................................................................................... 184
Add Device Wizard .............................................................................................................................. 185 Sources Page of the Add Device Wizard ........................................................................................... 186
Sessions Sources Page of the Add Device Wizard............................................................................ 188 Choose Devices Page of the Add Device Wizard ............................................................................. 190
Preview Devices Page of the Add Device Wizard............................................................................ 192 Adding a Device.................................................................................................................................... 193
Completing the Sources Page .............................................................................................................. 194 Completing the Sessions Sources Page .............................................................................................. 195
Completing the Choose Devices Page................................................................................................ 195 Completing the Preview Devices Page .............................................................................................. 196
Acquiring ..................................................................................................................................................... 196 Types of Acquisitions ........................................................................................................................... 197
Doing a Typical Acquisition ................................................................................................................ 197 Acquisition Wizard ............................................................................................................................... 198
After Acquisition Page ......................................................................................................................... 199 Search Page ............................................................................................................................................ 201
Options Page.......................................................................................................................................... 204 Acquisition Results Dialog................................................................................................................... 206
Opening the Acquisition Wizard ........................................................................................................ 207 Specifying and Running an Acquisition ............................................................................................ 208
Completing the After Acquisition Page of the Acquisition Wizard............................................... 209 Completing the Search Page of the Acquisition Wizard.................................................................. 210
Completing the Options Page of the Acquisition Wizard ............................................................... 212 Canceling an Acquisition ..................................................................................................................... 213
Acquiring a Local Drive ....................................................................................................................... 214 Acquiring Device Configuration Overlays (DCO) and Host Protected Areas (HPA)................. 214
Using a Write Blocker ........................................................................................................................... 215 Windows‐based Acquisitions with FastBloc Write Blockers .......................................................... 215
Acquiring in Windows Without a FastBloc Write Blocker.............................................................. 217 Windows‐based Acquisitions with a non‐FastBloc Write Blocker ................................................. 217
Performing a Drive‐to‐Drive Acquisition Using LinEn ................................................................... 218 Acquiring a Disk Running in Direct ATA Mode .............................................................................. 219
Acquiring a Palm Pilot ......................................................................................................................... 220 Yüklə 2,21 Mb. Dostları ilə paylaş:
|