EnCase version 7.05 provides the ability to include hyperlinks to original documents and images in reports and offers updated report templates that display more metadata than ever before. View important metadata such as dates, times, physical sector information for unallocated items and hash values. Continue reading to learn how to include hyperlinks in your exported reports.
Feature Spotlight: Embedding Hyperlinks in Exported Reports
EnCase version 7.05 provides the ability to include hyperlinks to original documents and images in reports and offers updated report templates that display more metadata than ever before. View important metadata such as dates, times, physical sector information for unallocated items and hash values. Continue reading to learn how to include hyperlinks in your exported reports.
EnCase v6 to v7 CEIC Session Recap
It is hard to believe CEIC 2012 was almost two months ago. Since CEIC we have been hard at work on EnCase, in fact recently we released an update to v7, v7.04.1. If you did not receive the email notification about this release you can request the software download links by registering your dongle. Look for another great update to v7 coming in the fall, v7.05.
Examining Volume Shadow Copies – The Easy Way!
INTRODUCTION
The Volume Shadow Copy Service (VSS) is a framework that allows volume-backups to be created while file system writes continue to take place.
Originally implemented in Windows XP and Windows Server 2003, VSS was expanded with Windows Vista, resulting in an additional Windows Explorer Previous Versions properties-sheet.
Using Volatility with EnCase
INTRODUCTION
Memory Analysis has come a long way and it is imperative that a good Incident Responder realize the valuable information that can be obtained in analyzing memory.
I have been conducting Incident Response investigation for a few years now and have always used Volatility as my tool of choice. I like it because first off it is open source and I have found it to be very user friendly in identifying possible malware and being able to understand the results that are being retrieved from memory.
CEIC and EnCase Essentials v7 Training
Last week at CEIC we ran four Upgrading EnCase v6 to v7: Who Moved My Cheese? sessions. The sessions were packed with EnCase v6 users who were looking to get past the obstacles that were preventing their full transition to v7. In total we presented to close to 200 attendees and had some really great discussion. By the end of the sessions I could see many of the attendees were ready to get going with v7.
During the process of walking the users through v7 I learned that that quite a few of the folks in each session had yet to view the free EnCase Essentials Training. One of the reasons many had not taken advantage of this free training was that they did not have ready access to the internet at work. Even those who knew about the training were forced to view it during their off hours, when they were able to connect to the internet.
The first thing I did when I got to the office this week was ask our training department to create an offline version of the essentials training and they did. Now anyone that wants to get the basics of v7 can download this offline format of the EnCase Essentials Training and view the lessons anytime, anywhere. In addition, we also updated the companion EnCase Essentials Training Guide, incorporating the changes made in the latest release of EnCase, v7.04. Be sure to download these two files when you get a chance and keep them handy.
On a related note I am planning a v6 to v7 webinar series where we will cover many of the topics that were presented during the CEIC session. Look for more information about this webinar series soon.