Forums
Main Category
General (Technical,...
EnCase 6
 
Notifications
Clear all

EnCase 6

 
Page 2 / 2
General (Technical, Procedural, Software, Hardware etc.)
Last Post by Jonathan 18 years ago
15 Posts
9 Users
0 Reactions
2,060 Views
RSS
 armresl
(@armresl)
Noble Member
Joined: 21 years ago
Posts: 1011
27/02/2007 11:52 pm  

There are not a lot of times where one cab be 100% sure that the MAC times have not been altered.

Usually, you would want to take other events and build it around your main evidence. email, chat logs, installing of windows service packs, internet history, p2p, etc.


   
ReplyQuote
 sijune
(@sijune)
Active Member
Joined: 18 years ago
Posts: 7
28/02/2007 5:28 pm  

In 2 of my evidences i cannot view the sys.evt files, event viewer says they are corrupted, the rest 4 are fine.

Could this mean something ?

armresl, your answer i am afraid is to general.


   
ReplyQuote
 sijune
(@sijune)
Active Member
Joined: 18 years ago
Posts: 7
28/02/2007 8:42 pm  

Lots of files in Encase, although they are e-mails or documents they appear with different strange names .gif, .jpg etc.

Why is that happenning and how can i bring them back to they original form ?

Thanx


   
ReplyQuote
 Earn
(@earn)
Estimable Member
Joined: 20 years ago
Posts: 146
01/03/2007 10:13 pm  

Sounds like you need to take a Encase training class.


   
ReplyQuote
 Jonathan
(@jonathan)
Prominent Member
Joined: 20 years ago
Posts: 878
Topic starter 01/03/2007 11:19 pm  

Lots of files in Encase, although they are e-mails or documents they appear with different strange names .gif, .jpg etc.

Why is that happenning and how can i bring them back to they original form ?

Thanx

Not quite sure, but have you run the "Verify File Signatures" option under the search tab?


   
ReplyQuote
Page 2 / 2
Forum Jump:
  Previous Topic
Next Topic  
Share: