CEIC Sessions on Digital Forensics Deliver on the EnCase Community's Core Competency

(This is part 1 of a three-part series on the all-new, enhanced digital forensics labs and lectures at CEIC 2015.)

Our conversations at CEIC usually dwell on how best to uncover data that will provide evidence to prove a wrongdoing. Today that data and those artifacts are found amongst hundreds of thousands of files on a target system. Only through tens of thousands of investigations by the EnCase community over 18 years and through the application of your hard-won expertise are we able to design a curriculum that serves your most vital needs.

The DNA of CEIC: 18 Years of Digital Forensics Leadership at One Event

Best-in-class digital forensics technology and best-in-class investigators come together at CEIC. Together, we've built a proud heritage, and we're pleased that thousands of you will travel from many parts of the world to attend CEIC 2015 with us.

Ask the Expert: Amber Schroader of Paraben Corporation

Recently, Amber Schroader, the CTO of Paraben Corporation, joined us for a well-attended webinar, Six Keys to Conducting Effective Mobile Forensic Investigations. A number of our attendees had questions that we wanted to capture here along with Amber's answers.

What do you recommend when dealing with the drivers on pay-as-you-go devices?

CEIC 2015: New EnCase Basics Track Shortens Your Learning Curve

Let's talk a little bit about basic training. Nothing is more critical to the success of your EnCase® implementation than the buy-in and performance of the people who use it. After all, if your IT, security, or litigation support specialists fail to successfully learn the software, you can't truly maximize your organization's investment.

If you're one of our newer customers, our new EnCase Basics track at CEIC 2015 makes perfect sense. With four days of focused training and over 1,400 professional peers and experts, CEIC can help you or other new EnCase users in your organization gear up to address new challenges head-on.

Parsing Windows ShellBags Using the ShellBags Parser EnScript

Simon Key

Introduction

ShellBags are used to store settings for shell-folders that have been browsed by the user in the Windows GUI. Each shell-folder is seen by the operating system as an item in the Windows shell namespace, the path to which starts with the user's desktop.

Figure 1 - Viewing the Windows shell namespace in Windows Explorer

Shell-folders won't always be represented as a physical folder on disk. A good example of this might be a shell-folder representing a control-panel category or the results of a search.

ShellBag analysis can be useful from a forensic point of view because it can give a strong indication as to what shell-folders were accessed and when. This can be particularly useful when it comes to shell-folders that have since been deleted or those that were located on a removable disk.

Build New Skills while Rubbing Shoulders with the Industry’s Brightest at CEIC 2015

This year when the best minds in security and digital forensics converge at CEIC May 18-21, 2015, you have an unprecedented opportunity to gaining skills and knowledge on real solutions to your biggest data-related challenges, as well as to collaborate with like-minded professionals who bring to CEIC plenty of war stories not unlike your own.

We’re excited to feature this year’s “EnCase in Action” conference track in today’s blog. We worked hard to pack it with sessions that will put real-world context around some of the EnCase capabilities you've heard so much about.