Hello,
I'm trying to figuring out the advantages and disadvantages of using automated filesystem/partition analysis within EnCase vs Manual Analysis by a Practioner.
I've googled it but could not find any information. Can anyone help me out, direct me to any link where I can read more about filesystem analysis using Encase.
Thank
GG
'm trying to figuring out the advantages and disadvantages of using automated filesystem/partition analysis within EnCase vs Manual Analysis by a Practioner.
Well, the best way to attack that is probably to test various cases. Make a file system, test it with EnCase, and figure out what you would need to manually to produced the same results. Repeat.
You can find some relevant tests at http//dftt.sourceforge.net/, but you will almost certainly need to create your own in order to cover all options.
I'm trying to figuring out the advantages and disadvantages of using automated filesystem/partition analysis within EnCase vs Manual Analysis by a Practioner.
Taking a step back for a moment, what are you ultimately trying to accomplish?
Tools like EnCase are great for data parsing and presentation, but the ultimate "analysis" needs to be accomplished by a knowledgeable practitioner, based on the goals of the investigation.