I just joined this forum. I have to do an analysis of a computer that has been hacked. I use FTK and EnCase. I got the disk image. How do I find the traces of hacker attacks. What are your suggestions? Thank you  

Is this for a practical exam or exercise? What information have you been given about what transpired to believe they were hacked and the computer needs analysis? Did you follow best practices when imaging like utilizing a write blocker?  

I use FTK and EnCase.

Are you a student?
_________________
Computer, Cell Phone & Chip-Off Forensics

linkedin.com/in/igormikhaylovcf 

The user login in to the online game account. After a while, the error message is receiving. the game connection is disconnection. the wireless network connection is disconnection.  

Based on what you just provided, sounds like you're just dropping from WiFi. What is the error message?  

- Igor_Michailov

I use FTK and EnCase.

Are you a student?

Digital Forensics Investigator.  

- north

The user login in to the online game account. After a while, the error message is receiving. the game connection is disconnection. the wireless network connection is disconnection.

Which EXACT Operating System?
Which EXACT online game?
Which EXACT browser (if any)?
Which EXACT error message?
Coming EXACTLY from WHAT? (OS, game, browser, connection/router)

In any case the first thing you should do is a FULL timeline of the system, i.e. put *everything* that left *any* trace in logs, system files, filesystem, etc. in a date/time ordered table.
*something* must have happened before the computer showed the behaviour you vaguely summed up, or *something* must have triggered this behaviour.

jaclaz
_________________
- In theory there is no difference between theory and practice, but in practice there is. -