Encase | How To Analyse "plain" Log-Files
I am fairly new to Encase and Forensic in general.
I've watched a few Tutorials regarding Encase and wanted to play around with some Logfile I have, because "learning by doing" is best imo. The Tutorials I've watched are using Disk-Images only.
So I was wondering if encase can just work with Log-Data (firewall logs, Windows event logs etc.) not within an Image File, but *.log Files.
When I create a new Case and want to add "new evidence" the only Format I can go with are Disk-Images, so I am guessing it won't let me work with "plain" Log-Data. But maybe I am wrong.
Thanks for teaching me, in advance.
If you have log files (or any file) outside of an evidence (image) file, you can introduce those to EnCase as “single files” just by “dragging and dropping” them into EnCase.
They will be referenced as “Single Files”.