Join Us!

Encase | How To Ana...
 
Notifications
Clear all

Encase | How To Analyse "plain" Log-Files  

  RSS
neutralChaos
(@neutralchaos)
New Member

Hi,
I am fairly new to Encase and Forensic in general.
I've watched a few Tutorials regarding Encase and wanted to play around with some Logfile I have, because "learning by doing" is best imo. The Tutorials I've watched are using Disk-Images only.

So I was wondering if encase can just work with Log-Data (firewall logs, Windows event logs etc.) not within an Image File, but *.log Files.

When I create a new Case and want to add "new evidence" the only Format I can go with are Disk-Images, so I am guessing it won't let me work with "plain" Log-Data. But maybe I am wrong.

Thanks for teaching me, in advance.

Best Regards
Klara

Quote
Posted : 04/10/2019 10:00 am
hommy0
(@hommy0)
Member

Hi,

If you have log files (or any file) outside of an evidence (image) file, you can introduce those to EnCase as “single files” just by “dragging and dropping” them into EnCase.

They will be referenced as “Single Files”.

Regards

ReplyQuote
Posted : 04/10/2019 10:43 am
Share: