In our recent webinar with Yuri and Oleg from Belkasoft, we had quite a few interesting questions and even more interesting answers. They presented three case studies that leveraged EnCase Forensic and Belkasoft digital forensics tools to uncover critical evidence. You can watch the on-demand webinar here.
Q: Guys, you mentioned analysis of Live RAM dump created by Belkasoft tool. We use winen.exe tool by Guidance Software. Will you work with dumps created by this tool?
Ask the Expert: Yuri Gubanov, CEO of Belkasoft
- Posted by: Siemens
- On: 4/21/2015
- No comments
- Categories: Belkasoft Evidence Center , Social Media Artifacts
CEIC Sessions on Digital Forensics Deliver on the EnCase Community's Core Competency
(This is part 1 of a three-part series on the all-new, enhanced digital forensics labs and lectures at CEIC 2015.)
Our conversations at CEIC usually dwell on how best to uncover data that will provide evidence to prove a wrongdoing. Today that data and those artifacts are found amongst hundreds of thousands of files on a target system. Only through tens of thousands of investigations by the EnCase community over 18 years and through the application of your hard-won expertise are we able to design a curriculum that serves your most vital needs.
Our conversations at CEIC usually dwell on how best to uncover data that will provide evidence to prove a wrongdoing. Today that data and those artifacts are found amongst hundreds of thousands of files on a target system. Only through tens of thousands of investigations by the EnCase community over 18 years and through the application of your hard-won expertise are we able to design a curriculum that serves your most vital needs.
The DNA of CEIC: 18 Years of Digital Forensics Leadership at One Event
Best-in-class digital forensics technology and best-in-class investigators come together at CEIC. Together, we've built a proud heritage, and we're pleased that thousands of you will travel from many parts of the world to attend CEIC 2015 with us.
Ask the Expert: Amber Schroader of Paraben Corporation
Recently, Amber Schroader, the CTO of Paraben Corporation, joined us for a well-attended webinar, Six Keys to Conducting Effective Mobile Forensic Investigations. A number of our attendees had questions that we wanted to capture here along with Amber's answers.
What do you recommend when dealing with the drivers on pay-as-you-go devices?
CEIC 2015: New EnCase Basics Track Shortens Your Learning Curve
Let's talk a little bit about basic training. Nothing is more critical to the success of your EnCase® implementation than the buy-in and performance of the people who use it. After all, if your IT, security, or litigation support specialists fail to successfully learn the software, you can't truly maximize your organization's investment.
If you're one of our newer customers, our new EnCase Basics track at CEIC 2015 makes perfect sense. With four days of focused training and over 1,400 professional peers and experts, CEIC can help you or other new EnCase users in your organization gear up to address new challenges head-on.
If you're one of our newer customers, our new EnCase Basics track at CEIC 2015 makes perfect sense. With four days of focused training and over 1,400 professional peers and experts, CEIC can help you or other new EnCase users in your organization gear up to address new challenges head-on.
Parsing Windows ShellBags Using the ShellBags Parser EnScript
Introduction
ShellBags are used to store settings for shell-folders that have been browsed by the user in the Windows GUI. Each shell-folder is seen by the operating system as an item in the Windows shell namespace, the path to which starts with the user's desktop.Figure 1 - Viewing the Windows shell namespace in Windows Explorer |
Shell-folders won't always be represented as a physical folder on disk. A good example of this might be a shell-folder representing a control-panel category or the results of a search.
ShellBag analysis can be useful from a forensic point of view because it can give a strong indication as to what shell-folders were accessed and when. This can be particularly useful when it comes to shell-folders that have since been deleted or those that were located on a removable disk.