Greetings.
There is an active discussion topic on "Guideline for EnCase workflow" created by Kovar and it seems to have some excellent information. Does anyone have FTK workflow guidelines?
Thanks,
Hi,
A few things change, like you could (instead of would) run select .rsr files to get a specific data set out.
Do your data carving up front and add items to case
Conduct live searches for common email artifacts
Process a case/info report
Case Backup
Prepare the report wizard for type of information you want in the report as well as any files which need to be exported.
A lot of things are based on what FTK version you are using, as the more recent versions with distribution appear to cut times down, so in essence you should be able to add more up-front processing and not sacrifice station time or dongles. And IMHO a lot is dependent on how many dongles you have. If you have one FTK dongle but multiple cases you need to work on, you end up hostage to your workstation.