
Encase 8.11 Processor Issues

(@mkel2000)
Posts: 24
Eminent Member
Topic starter
 

I have a case I'm working on that has multiple images; the largest disk's original size was 2TB. What I have done for some time is run multiple passes with Processor to cut down the number of files that I have to index, create thumbnails for, etc. The first pass is to run Hash Analysis using Encase NSRL hash sets, File Signature Analysis and Protected File analysis. Once I get that done, I filter out the Known files based on hash analysis and create a results set with everything else. I then run processing against the results set that includes indexing, thumbnails, email, etc. I can usually cut out several hundred thousand files this way that I don't need to do further processing on.

With 8.11 I discovered that Encase re-runs hash analysis, file signature analysis and protected file analysis every time you run Indexing. It even says it will do this in the right pane of the Processor window if you uncheck one of those items in the processing list. I don't recall in past versions Encase re-running these processes. Encase even warns you that once you run those processes you can't run them again without deleting cache files.

Does anyone know how long Encase has re-run these processes when Indexing if they've already been run? It doesn't make much sense to me given the processing options are selectable/deselectable. I don't want to Index or otherwise process hundreds of thousands of files I will never look at. The 2TB image I mentioned took 12 hours just to hash the first time around and I'm running a system with the fastest and latest components I can buy.

Mark

 
Posted : 01/04/2020 7:02 pm
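
The two-pass workflow from the opening post, shown outside EnCase as an added example (not code from the thread and not EnCase's own logic): hash once, drop files matching a known-file set, and reuse cached hashes on later passes instead of re-hashing. The function names, the JSON cache file and the sample files are assumptions constructed for illustration.

```python
import hashlib
import json
import tempfile
from pathlib import Path

def sha1_file(path, chunk=1 << 20):
    """Stream a file through SHA-1 so large files never sit in memory."""
    h = hashlib.sha1()
    with open(path, "rb") as f:
        while block := f.read(chunk):
            h.update(block)
    return h.hexdigest()

def triage(root, known_hashes, cache_file):
    """Hash each file at most once; return (names not in the known set, stats)."""
    cache_file = Path(cache_file)
    cache = json.loads(cache_file.read_text()) if cache_file.exists() else {}
    stats = {"hashed": 0, "reused": 0}
    unknown = []
    for path in sorted(p for p in Path(root).rglob("*") if p.is_file()):
        st, key = path.stat(), str(path)
        entry = cache.get(key)
        # Reuse a cached hash only while size and mtime still match the file.
        if entry and (entry["size"], entry["mtime_ns"]) == (st.st_size, st.st_mtime_ns):
            stats["reused"] += 1
        else:
            entry = {"size": st.st_size, "mtime_ns": st.st_mtime_ns, "sha1": sha1_file(path)}
            cache[key] = entry
            stats["hashed"] += 1
        if entry["sha1"] not in known_hashes:
            unknown.append(path.name)
    cache_file.write_text(json.dumps(cache))
    return unknown, stats

def demo():
    """Run two passes over constructed sample files in a temporary directory."""
    samples = {"notepad.exe": b"constructed known OS file",
               "kernel32.dll": b"constructed known library",
               "letter.docx": b"constructed user document"}
    with tempfile.TemporaryDirectory() as tmp:
        evidence = Path(tmp, "evidence")
        evidence.mkdir()
        for name, data in samples.items():
            (evidence / name).write_bytes(data)
        # Stand-in for an NSRL-style known-file hash set (constructed, not real NSRL data).
        known = {hashlib.sha1(samples[n]).hexdigest() for n in ("notepad.exe", "kernel32.dll")}
        cache = Path(tmp, "hash_cache.json")  # kept outside the evidence tree
        first = triage(evidence, known, cache)
        second = triage(evidence, known, cache)  # later pass reuses cached hashes
        return first, second
```
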
nightworker
(@nightworker)
Posts: 134
Estimable Member
 

Are there any Encase users for process still use it for just email examination ….
Encase is a disappointing legend

 
Posted : 02/04/2020 8:32 pm
Em-Belkasoft
(@em-belkasoft)
Posts: 33
Eminent Member
 

Have you tried other forensics tools to see how they index stuff and what kind of index operations they execute? You might prefer them.

 
Posted : 15/05/2020 4:19 pm