Introduction:
Over the past five weeks we have been researching and gathering information on Opentext software EnCase 8, readying ourselves to begin dissecting evidence in our mock investigation. As the EnCase 8 intern team, we have been spending large amounts of time watching YouTube videos and diving deep into the manual provided by Opentext software. Most recently, we have spent time running through our mock story, completing final checks of the data generation and finally starting our data generation in the VM. We are a team of two first year interns trying to get our foot in the door of the digital forensic world. This is our story….
Our Story:
Since day one, we have been slowly figuring out the ins and outs of EnCase 8 and its usability in our investigation. Hours have been spent watching “how to” videos and trying to replicate the actions in EnCase on a flash drive full of files. We have also been doing a heavy amount of reading from the manual, taking notes, and highlighting important commands that will become necessary when using EnCase. One of the main features we needed to know how to do first was imaging drives. To learn how to image a drive, we used a write blocker hooked up to a hard drive and then we followed our notes to image the drive. This was just one of the many important features we will be using with Encase.
Upon completion of our never ending quest to better understand EnCase, we begin to familiarize ourselves with the story we generated as a team of 8 that we’d be using for our investigation. This involved reading through the story day by day and testing the actions from the script that we wrote. Once this was all completed, our team member Matt was the first to run the final data generation in the VM for the first time. He started with opening the tool evaluation VM and began to work his way through the day one script for our mock investigation. Matt followed the script closely while taking detailed notes of anything he added to the script to beef up day one of our data generation. He also took detailed notes on what was displayed on the screen including the time and action that occurred.
Conclusion:
Next up, we will begin to use EnCase by doing keyword searches and gathering artifacts.We are very excited to get our hands on the mock evidence and truly begin our professional digital forensic experience. Expect us to slowly but surely harness the powers of EnCase 8 and dive head first into this investigation evaluating Encase as we go. We will take detailed notes and begin the process of compiling our report on EnCase 8. Stay tuned to hear more about our ups, downs, and everything in between here at the Leahy Center for Digital Investigation. Check in on Instagram @champforensicslcdi and Twitter @ChampForensics!
To learn more about this and other blogs of the LCDI visit us here: LCDI Blog.
Stay in the loop on our current and upcoming projects and events by following us on Facebook, Twitter, or Instagram.