Hi!
We know, that a lot of digital forensic examiners use or want to start using EnCase Forensic, so we decided to write a few how-to's. This is the first one
http//
What other how-to's would you like to see at WeAre4n6?
You mean "Evidence Processor"?
EnCase has muddled the naming convention, but the script is called "Evidence Processor" throughout the documentation, not "EnCase Processor" despite what the window title says.
EnCase Processor sometimes used to refer to the EnCase Processor Node, not the Evidence Processor.
Then, there is the old script "Case Processor" which now only does two things.
You already mentioned the easy button of "Case Analyzer", and the "Case Manager" which should never be looked at unless the processing seems hung.
It is like Guidance had only three words, and had to use all combinations to have the product pass QC…
There is an "EnCase Processor" that is a 64bit evidence processing installer that can be used to process data separately while you view evidence files. Its sorta like distributed so that if you have network-linked forensic analysis servers, the beefier machine can do the heavy lifting while the other is used for review of the same data.
Its tricky to setup right, but when you get it working, it can save you a lot of time.