Join Us!

Notifications
Clear all

EnCase 101 Blog  

  RSS
LarryDaniel
(@larrydaniel)
Active Member

I have a blog called EnCase 101 that I have not updated in some time. I am thinking about starting to add new posts not that I have a little more time and as time permits.

The question I have for the forum users is; what topics would you like covered?

As someone who has been using EnCase for over 10 years, it is easy to forget that what is second nature to me and my examiners can be quite puzzling to someone just getting started with the software.

For instance, someone the Forensic Software forum asked how to filter by file name in EnCase. The answer is simple if you already know it, but EnCase is not the most intuitive software to use if you don't have a lot of experience with it.

So, I am soliciting suggestions for new posts that I can write or pass on to my examiners to write.

You can post topics here, email them to me directly or PM me via these forums.

Quote
Posted : 03/10/2012 8:02 pm
armresl
(@armresl)
Community Legend

I'm a betting man Larry, I'll take $50 on PM's or email D

ReplyQuote
Posted : 05/10/2012 2:57 pm
0range98
(@0range98)
New Member

Hi Larry, I'm a newbie and don't mind admitting it.

How about an explanation of recover folders, and file mounting, things like that?

ReplyQuote
Posted : 05/10/2012 5:48 pm
LarryDaniel
(@larrydaniel)
Active Member

Good ideas. Thank you.

ReplyQuote
Posted : 05/10/2012 6:45 pm
Shaman
(@shaman)
New Member

Hi Larry, thanks for taking the time!

I mostly use FTK and their Filter system with some Regular Expressions as well. I was wondering if you could do a post in regards to managing EnCase Conditions and GREP?

Thanks and cheers!

Jose

ReplyQuote
Posted : 06/10/2012 12:32 am
creeshie
(@creeshie)
New Member

That would be great Larry. I would +1 the GREP expressions and perhaps the most common steps taken during a theft of IP assessment - USB devices, link files, registry entries etc.

Cheers

ReplyQuote
Posted : 06/10/2012 6:05 pm
LarryDaniel
(@larrydaniel)
Active Member

I have been working on some ideas and should be putting up some posts soon. I am thinking I will do small chunks of information with wide application, rather than trying to show a particular case type.

Some of the posts will seem very basic, but to a new person using EnCase, they should be helpful.

I am also taking a look now at EnCase 7 to see how usable it is with the latest update to 7.05. But the blog will be based on EnCase 6 for some time to come as that is still what I use in my day to day work.

I will keep you posted.

ReplyQuote
Posted : 13/10/2012 11:58 pm
Jonathan
(@jonathan)
Senior Member

But the blog will be based on EnCase 6 for some time to come as that is still what I use in my day to day work.

You had me until this. Was an EnCase user for years, but now a little rusty as X-Ways Forensics is, by some margin, better in every way. Keen to get back into EnCase as a secondary tool, but I've no interest in a version that hasn't been actively developed for 18 months now.

ReplyQuote
Posted : 14/10/2012 1:20 am
LarryDaniel
(@larrydaniel)
Active Member

The most recent update to EnCase 6 was in August of 2012. Version 6.19.6.

ReplyQuote
Posted : 14/10/2012 3:54 am
Jonathan
(@jonathan)
Senior Member

The most recent update to EnCase 6 was in August of 2012. Version 6.19.6.

Just four bug fixes.There's been no active development or new features on 6.x since version 7 came out in June 2011. Version 6 can't even deal with the most basic of things such as .emlx email, and recent releases of Chrome and Firefox history, etc, etc. It's a dead duck.

ReplyQuote
Posted : 14/10/2012 10:08 pm
Share: