EnCase Financial Crime help?

What kind of "financial documents"? There are the obvious spreadsheets, there can also be reports in Word or PDF or similar. What is the G/L system that is in use? There would certainly be files associated with that. Is there a POS or other customer facing system? What about a backend database? Lots of choices, but just shots in the dark without more info.

It's a hard drive taken from a residence, I do not believe the user is computer savue.

If they are not computer savvy then they are unlikely to have Quicken or Money and even less likely to have spreadsheets. What do you think should be found? Maybe web pages with some transactions?

Keyword search or create a condition to give you only the specific file types you want to review. I also suggest using the Encase board for Encase specific questions.

I also suggest using the Encase board for Encase specific questions.

I'm looking for any tips to help me find/recover fiancial documents.

^ That doesn't sound like a very EnCase specific question to me.

To the OP, I agree with BitHead already posted - more information is necessary to advise you in which direction you might have luck looking in. In any investigation, there are some steps which you follow all the time, but the majority of the time, you tailor your investigation based on the kind of evidence you are finding.

Jeff

Assuming Windows, check what they've been using
- Installed programs
- User MRUs
- Common dialogue box
- Prefetch
- Menus/Desktop for user and all users

etc.

Don't forget to extract and review web history.

It will give you some hints about accesses to local files and documents.

You might find tracks of transactions in the URLs you find. For some banks, the originating account, the target account and the amount being transfered are all included in the URL …

You might also find evidence of online storage access and online applications.