Encase | How To Ana...
 
Notifications
Clear all

Encase | How To Analyse "plain" Log-Files

2 Posts
2 Users
0 Likes
1,568 Views
(@neutralchaos)
Posts: 2
New Member
Topic starter
 

Hi,
I am fairly new to Encase and Forensic in general.
I've watched a few Tutorials regarding Encase and wanted to play around with some Logfile I have, because "learning by doing" is best imo. The Tutorials I've watched are using Disk-Images only.

So I was wondering if encase can just work with Log-Data (firewall logs, Windows event logs etc.) not within an Image File, but *.log Files.

When I create a new Case and want to add "new evidence" the only Format I can go with are Disk-Images, so I am guessing it won't let me work with "plain" Log-Data. But maybe I am wrong.

Thanks for teaching me, in advance.

Best Regards
Klara

 
Posted : 04/10/2019 9:00 am
(@hommy0)
Posts: 98
Trusted Member
 

Hi,

If you have log files (or any file) outside of an evidence (image) file, you can introduce those to EnCase as “single files” just by “dragging and dropping” them into EnCase.

They will be referenced as “Single Files”.

Regards

 
Posted : 04/10/2019 9:43 am
Share: