Microsoft Word EnCase Forensic Version 11 User's Guide doc
Yüklə 2,21 Mb. Pdf görüntüsü
|
vi EnCase Forensic Version 6.11 Userʹs Guide Contents
Leaving Console Mode......................................................................................................................... 222 Acquisition Times ................................................................................................................................. 223
Acquiring Non‐local Drives................................................................................................................. 223 When to use a Crossover Cable........................................................................................................... 223
Performing a Crossover Cable Preview or Acquisition ................................................................... 223 Acquiring Disk Configurations ........................................................................................................... 225
Software RAID....................................................................................................................................... 225 Windows NT ‐ Software Disk Configurations .................................................................................. 226
Dynamic Disk ........................................................................................................................................ 227 Hardware Disk Configuration ............................................................................................................ 228
Disk Configuration Set Acquired as One Drive................................................................................ 228 Disk Configurations Acquired as Separate Drives ........................................................................... 229
Validating Parity on a RAID‐5 ............................................................................................................ 230 RAID‐10 .................................................................................................................................................. 230
Acquiring Virtual PC Images .............................................................................................................. 230 CD‐DVD Inspector File Support ......................................................................................................... 230
Acquiring SlySoft CloneCD Images ................................................................................................... 230 Acquiring a DriveSpace Volume......................................................................................................... 231
Acquiring Firefox Cache in Records................................................................................................... 232 Reacquiring Evidence ........................................................................................................................... 233
Reacquiring an Evidence File .............................................................................................................. 233 Adding Raw Evidence Files................................................................................................................. 234
Remote Acquisition .................................................................................................................................... 235 Remote Acquisition Monitor ............................................................................................................... 237
Setting Up the Storage Machine.......................................................................................................... 238 Hashing ........................................................................................................................................................ 240
Hashing the Subject Drive Using LinEn............................................................................................. 240 Hashing the Subject Drive Once Previewed or Acquired ............................................................... 241
Logical Evidence Files ................................................................................................................................ 242 Create Logical Evidence File Wizard.................................................................................................. 243
Sources Page .......................................................................................................................................... 244 The Outputs Page of the Create Logical Evidence File .................................................................... 245
Creating a Logical Evidence File......................................................................................................... 246 Recovering Folders ..................................................................................................................................... 247
Recover Folders on FAT Volumes ...................................................................................................... 248 Recovering NTFS Folders..................................................................................................................... 248
Recovering UFS and EXT2/3 Partitions.............................................................................................. 250 Recovering Folders from a Formatted Drive..................................................................................... 250
Recovering Partitions ................................................................................................................................. 250 Adding Partitions.................................................................................................................................. 251
Deleting Partitions ................................................................................................................................ 253 Restoring Evidence ..................................................................................................................................... 254
Physical vs. Logical Restoration.......................................................................................................... 254 Preparing the Target Media................................................................................................................. 254
Physical Restore..................................................................................................................................... 255 Logical Restore ...................................................................................................................................... 258
Booting the Restored Hard Drive ....................................................................................................... 258 Yüklə 2,21 Mb. Dostları ilə paylaş:
|