Tag Archives: FTK

EnCase 7.1 and FTK 5.5 Tool Evaluation Part 4

Data Generation: In order to test and examine the new editions of EnCase and FTK, we need a hard drive with existing data to work with. We want to have something specific to look for when we analyze the drives later on, so we are conducting controlled data generation using computers built for this project […]


EnCase 7.1 and FTK 5.5 Tool Evaluation Part 3

EnCase v7.10 Updates: Windows 8.1 and Server 2012 R2 Support. EnCase 7.10, EnCase Examiner, SAFE, and the servlet all support Windows 8.1 and Windows Server 2012 R2. Systems running Windows 8.1 via the Evidence Processor (specifically the Windows Artifact parser) and BitLocker encryption are also supported now, and EnCase system requirements and recommended configurations are […]


EnCase 7.1 and FTK 5.5 Tool Evaluation Part 2

EnCase v7.10 Updates: EnCase Portable Capabilities. EnCase 7.10 comes with full EnCase Portable capabilities. EnCase Portable was a standalone product that worked separately from EnCase Forensic and EnCase Enterprise; however, with this update it is now included. EnCase Portable is a USB-key-based tool that is designed for non-expert and on-scene use. The goal […]


EnCase 7.1 and FTK 5.5 Tool Evaluation Introduction

Project Introduction: Over the past few months, Guidance Software and AccessData both released new updates for their computer forensic programs, EnCase and FTK. With EnCase now at update 7.1 and FTK at 5.5, there are new and updated features that should be looked at. We could also use this opportunity to record how long […]

Volume Shadow Copy

Volume Shadow Copy Part 3

What we found in the Volume Shadow Copy for Windows 7: After creating a raw image of the Volume Shadow Copy, we were able to view it in both FTK and EnCase. We most often used EnCase to examine the raw image file and received positive results. We cross-referenced the log of what was […]
