
ISDF Encase Forensic

The document outlines an experiment using the EnCase Forensics Tool, focusing on data collection, preservation, and analysis of digital evidence. It details objectives, expected outcomes, relevant theories, and implementation steps for using the software in forensic investigations. The conclusion emphasizes the importance of EnCase in ensuring the integrity and validity of evidence for legal proceedings.

Uploaded by

VIDIT SHAH

Somaiya Vidyavihar University

(Constituent College – K J Somaiya College of Engineering)

Batch: A Roll No.: 16030724019

Experiment / assignment / tutorial No. 2
Grade: AA / AB / BB / BC / CC / CD /DD

Signature of the Staff In-charge with date

Experiment No.: 6

Title: EnCase Forensics Tool

Objectives:
1. Data Collection and Preservation: Acquire and preserve digital evidence from
various storage devices without altering the original data, ensuring integrity.
2. In-Depth File and Activity Analysis: Recover deleted files, analyze file systems,
and investigate user activity (emails, internet history) to uncover hidden or relevant
evidence.
3. Efficient Searching and Reporting: Conduct keyword searches across the data and
generate detailed reports for legal or investigative purposes.

Expected Outcome of Experiment:

CO .

1. Validation of Hypothesis/Objective: The experiment should confirm or refute the
initial hypothesis or achieve the defined objective, providing clarity on whether the
procedure or tool (e.g., EnCase software) meets expectations.
2. Data and Evidence Generation: The experiment is expected to produce clear,
reliable data or evidence, such as recovered files, activity logs, or user interactions,
which are relevant and usable in further analysis.
3. Process Optimization Insights: The experiment should provide insights into the
efficiency, effectiveness, or limitations of the procedures used, potentially highlighting
areas for improvement or further exploration.

Department of Computer Engineering


Page No M.Tech.Comp CLab-1 Sem I / Aug 2024

Books/ Papers/Websites referred:

1. https://www.opentext.com/products/encase-forensic
2. https://e-forensic.ca/products/encase-forensic-suite/
3. https://en.wikipedia.org/wiki/EnCase

Pre Lab/ Prior Concepts:

1. Digital Forensics Fundamentals:
Understanding the investigation process, including evidence collection,
preservation, chain of custody, and maintaining data integrity.
2. File Systems and Data Storage:
Familiarity with file systems (e.g., NTFS, FAT32), data structures, metadata, and how
files are stored, deleted, or hidden in different operating systems.
3. Data Acquisition Methods:
Knowledge of forensic imaging techniques and tools to create exact copies of storage
devices without altering the original data.
4. Search and Recovery Techniques:
Understanding how to recover deleted files, search unallocated space, and use
keyword searches to find relevant data within a digital forensic tool like EnCase.
5. EnCase Software Basics:
Familiarity with EnCase’s interface features for evidence analysis, file recovery, and
report generation.
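
The search and recovery techniques in item 4, as an added Python example (not part of the original lab report and not EnCase code): a header/footer carver for JPEG data plus a keyword search that checks both ASCII and UTF-16LE, run over a constructed buffer standing in for unallocated space. The function names, the size cap and the sample bytes are assumptions made for this illustration.

```python
import re

JPEG_SOI = b"\xff\xd8\xff"     # JPEG start-of-image signature
JPEG_EOI = b"\xff\xd9"         # JPEG end-of-image marker
MAX_CARVE = 10 * 1024 * 1024   # assumed cap so a distant footer is not matched

def carve_jpegs(raw):
    """Return (offset, data) for every header..footer run found in raw."""
    found, pos = [], 0
    while (start := raw.find(JPEG_SOI, pos)) != -1:
        end = raw.find(JPEG_EOI, start + len(JPEG_SOI), start + MAX_CARVE)
        if end == -1:          # header with no footer: overwritten or fragmented
            pos = start + 1
            continue
        end += len(JPEG_EOI)
        found.append((start, raw[start:end]))
        pos = end
    return found

def keyword_hits(raw, keyword):
    """Case-insensitive byte offsets of keyword in ASCII and UTF-16LE form."""
    hits = []
    for name, codec in (("ascii", "ascii"), ("utf-16le", "utf-16-le")):
        pattern = re.compile(re.escape(keyword.encode(codec)), re.IGNORECASE)
        hits += [(m.start(), name) for m in pattern.finditer(raw)]
    return sorted(hits)

def demo():
    # Constructed sample: filler, a tiny fake JPEG, a UTF-16LE string,
    # an ASCII string, and a JPEG header whose footer no longer exists.
    fake_jpeg = JPEG_SOI + b"\xe0" + b"PIXELDATA" + JPEG_EOI
    raw = (b"\x00" * 32 + fake_jpeg + b"\x00" * 16
           + "Invoice".encode("utf-16-le") + b"\x00" * 8
           + b"pay the INVOICE today" + b"\x00" * 8
           + JPEG_SOI + b"\xe1truncated")
    return carve_jpegs(raw), keyword_hits(raw, "invoice")

if __name__ == "__main__":
    carved, hits = demo()
    print("carved:", [(off, len(data)) for off, data in carved])
    print("keyword hits:", hits)
```

Real JPEGs can embed thumbnails with their own markers and files can be fragmented, so carved ranges are candidates to validate rather than guaranteed complete files.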

Related Theory:
1. Forensic Imaging:
The process of creating a bit-by-bit copy of a storage device (e.g., hard drive,
USB) to ensure the original evidence remains intact while enabling analysis.
This concept emphasizes data integrity and ensuring no alterations occur during
the acquisition process.
2. Chain of Custody:
A key legal principle in digital forensics that tracks the handling of evidence
from its collection to its presentation in court. Proper documentation ensures
that the evidence remains untampered and admissible in legal proceedings.
3. File Systems and Data Carving:
Understanding different file systems (e.g., NTFS, FAT, EXT) is essential for identifying
how files are stored and recovered. Data carving refers to extracting deleted or
fragmented files from unallocated space or file slack.
4. Metadata and Digital Artifacts:
Metadata is information about a file, such as creation date, modification time, or file
type. Digital artifacts, like logs, browser history, and email headers, help trace user
activities and interactions with the system.
5. Hashing and Data Integrity:
Cryptographic hashing (e.g., MD5, SHA-256) produces a fixed-length digest that serves as a
fingerprint for a file or data set. Comparing digests verifies the integrity of the data, showing that no changes
occurred during the forensic process.
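
How forensic imaging (item 1) and hashing (item 5) fit together, as an added Python example that is not part of the original lab report and does not reproduce EnCase's evidence file format: the source is copied block by block while MD5 and SHA-256 are computed over the same bytes, and a later verification pass reports which blocks no longer match. The names `acquire`, `verify` and `BLOCK`, the per-block hash list and the in-memory "drive" are assumptions made for this illustration.

```python
import hashlib
import io

BLOCK = 4096  # block size chosen for this example

def acquire(source, image):
    """Copy source to image block by block, hashing the bytes as they pass."""
    md5, sha256, blocks = hashlib.md5(), hashlib.sha256(), []
    while block := source.read(BLOCK):
        image.write(block)
        md5.update(block)
        sha256.update(block)
        blocks.append(hashlib.sha256(block).hexdigest())  # per-block hash
    return {"md5": md5.hexdigest(), "sha256": sha256.hexdigest(),
            "blocks": blocks}

def verify(image, record):
    """Re-hash an image; return (matches, indices of blocks that differ)."""
    sha256, changed, index = hashlib.sha256(), [], 0
    known = record["blocks"]
    while block := image.read(BLOCK):
        sha256.update(block)
        expected = known[index] if index < len(known) else None
        if hashlib.sha256(block).hexdigest() != expected:
            changed.append(index)
        index += 1
    changed.extend(range(index, len(known)))  # blocks missing from the image
    return sha256.hexdigest() == record["sha256"], changed

def demo():
    # Constructed 16 KiB "source drive": four blocks with distinct fill bytes.
    device = b"".join(bytes([i]) * BLOCK for i in range(4))
    image = io.BytesIO()
    record = acquire(io.BytesIO(device), image)
    clean = verify(io.BytesIO(image.getvalue()), record)
    tampered = bytearray(image.getvalue())
    tampered[2 * BLOCK + 10] ^= 0x01          # flip one bit inside block 2
    altered = verify(io.BytesIO(bytes(tampered)), record)
    return record, clean, altered

if __name__ == "__main__":
    record, clean, altered = demo()
    print("acquisition MD5:    ", record["md5"])
    print("acquisition SHA-256:", record["sha256"])
    print("clean image:", clean, "| altered image:", altered)
```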


Implementation details:
1. Create New Cases
Open EnCase: launch the EnCase application on your system.

2. Create a New Case:
• Go to the "File" menu and select "New Case".
• A dialog box will appear; enter the case name, number, and any relevant case details
(e.g., investigator name, description).


3. Select Case Location:
• Choose a directory where you want the case files to be saved.
• This directory will store all associated evidence, reports, and case information.


4. Add Evidence:
• After the case is created, you can add evidence by clicking "Add Evidence".
• You can add forensic images, physical drives, or logical evidence files.


5. Process the Evidence

• Detail of Evidence


• Image Evidence


• Process Option


• Block View

• Gallery view


• Timeline view


• Artifacts


• Bookmarks


• To View Bookmarks


• Write Block


Conclusion:

EnCase is a vital tool in digital forensics, helping professionals collect,
analyze, and present digital evidence effectively. By understanding key
concepts like forensic imaging, chain of custody, and file systems,
investigators can ensure that evidence is valid for court use. EnCase
streamlines the investigation process, allowing users to manage cases and
recover crucial information from various devices efficiently. This
combination of knowledge and practical skills equips forensic
professionals to address challenges in the digital landscape, supporting the
pursuit of justice.

Date: Signature of faculty in-charge
