Microsoft Word EnCase Forensic Version 11 User's Guide doc
Yüklə 2,21 Mb. Pdf görüntüsü
|
- Bu səhifədəki naviqasiya:
- Enterprise EnScript Programs
- Document Incident
- Quick Snapshot
- Snapshot Differential Report
- Conclusion
- Machine Survey Servlet Deploy
- To deploy servlets using Machine Survey Servlet Deploy
478
EnCase Forensic Version 6.11 Userʹs Guide
To remove the association, clear the check box.
EnScript 479
481
EnScript Example Code 499 Packages 505
511
CHAPTER 13 EnScript Analysis 480
EnCase Forensic Version 6.11 Userʹs Guide
The EnScript ® language is a scripting language and Application Program Interface (API). It is designed to operate within the EnCase ® software environment. Although similar to ANSI C++ and Java, not all the functions available in these languages are available. The EnScript language uses the same operators and general syntax as C++, though classes and functions are different. Classes, and their included functions and variables, are found in the EnScript Types panel in the Tree pane. Note: For general information on a particular element, highlight it in the Code panel and press F1 to find the element in the EnScript Types panel. EnScript programs allow investigators and programmers to develop utilities to automate and facilitate forensic investigations. The programs can be compiled and shared with other investigators. A programming background and an understanding of object‐oriented programming are helpful for coding in EnScript. Note: For more detailed information on the EnScript programs included with the EnCase application, refer to the EnCase Programs User Manual. Note: For additional help in programming with the EnScript language, you can attend a training class or visit the EnScript message board.
EnScript Analysis 481
Enterprise EnScript programs contain programs typically used with enterprise cases. Many of these programs require a SAFE to be set up to properly use them. The available Enterprise Enscript Programs are:
investigation. Machine Survey Servlet Deploy: used to manage, deploy, remove and install SAFEs and servlets to machines on the network. Quick Snapshot: used to quickly take a snapshot of a machine that is currently being investigated. Remote Acquisition Monitor: used to monitor remote acquisitions between the servlets and a network storage device. Snapshot Differential Report: used to report on differences of snapshots take over a period of time.
Sweep Enterprise: used to conduct thorough examinations on computers specified from the network tree. To view Enterprise EnScript programs: 1.
In the Filter pane, click EnScript to display the EnScript panel. 2.
Open the Enterprise folder from the EnScript tree to see available scripts listed in the Table pane.
3.
To run a script, double‐click it in the table.
482
EnCase Forensic Version 6.11 Userʹs Guide
Use Document Incident to generate a report containing details of an incident that required investigation. Open a case. 1.
Double‐click on the Document Incident EnScript Program. 2.
Enter the following details in the General Info tab:
Incident Reference Number Primary Contact
Alternate Contact Incident Timing
EnScript Analysis 483
3. Click the Incident Details tab and enter information in the following fields:
Incident Type Other Type
Status
Intent
Incident Cause
Incident Impact Affected Systems
484
EnCase Forensic Version 6.11 Userʹs Guide
4. Click the Conclusion tab and enter the recommended course of action and comments:
5.
Click OK The Program generates a report. Click the name of the incident in the bookmarks panel to view the report in the table pane.
Use Machine Survey Servlet Deploy to deploy servlets to machines on the network. To use this method of deployment, you will need the following:
IP addresses, or a range of all nodes where you want to deploy A common username and password for all nodes where you want to deploy To deploy servlets using Machine Survey Servlet Deploy: 1.
Open the EnCase Program. 2.
Click the EnScript tab in the filter pane. 3.
Expand the Enterprise folder by clicking the + next to it. Yüklə 2,21 Mb. Dostları ilə paylaş:
|