Magnet Forensics has released the Internet Evidence FinderTM (IEF) Evidence Processor Module for EnCase v7. The IEF Evidence Processor Module for EnCase v7 is designed to assist digital investigators with their workflow by allowing them to run Internet Evidence Finder (IEF) from within EnCase, without the need to start IEF separately and point to the same evidence files you already have loaded in EnCase.
This second integration between IEF and EnCase is a follow-up to the previously released IEF Connector for EnCase v6 & v7. This second release was designed as a module that is used in conjunction with the “Process Evidence” feature of EnCase where the user can select any number of ‘modules or options to run against selected evidence.
Trial and full versions of IEF with the IEF Evidence Processor Module for EnCase v7 are available on EnCase App Central.
Once downloaded and installed, the module will appear in the “Evidence Processor” configuration screen, under the “modules” category.
Clicking on the “Internet Artifact Search with IEF by Magnet Forensics” module name, will display the IEF configuration screen:
From here, the investigator can choose the search type and artifact groups that are searched. In addition, the investigator can choose to have the results only stay in the IEF case file (none) or to be copied into the records tab of EnCase (EnCase Records).
Once the IEF Module is selected and run, an IEF search status screen will be displayed to provide feedback and progress of the search:
Once the “Process Evidence” action completes, and if the investigator selected to have the results copied into the records tab of EnCase, the investigator can view the results by looking in the records tab:
Clicking on the Records object (Internet Artifact Search with IEF by Magnet Forensics) will display all the records:
The investigator can then drill down and look at specific records by viewing the “fields” tab in the lower window:
The investigator can then leverage some/all of the built-in EnCase features, such as index searches, filter & conditions, bookmarking & reporting to refine and find specific records of interest.
As always, I appreciate the feedback, comments or questions. You can reach me anytime at lance (at) magnetforensics (dot) com.
You can access and purchase IEF with Evidence Processor Module for EnCase v7 in App Central.
No comments :
Post a Comment