EnCE EnCase Computer Forensics: The Official EnCase Certified Examiner Study Guide, 3rd Edition

Book Description

The official, Guidance Software-approved book on the newest EnCE exam!

The EnCE exam tests that computer forensic analysts and examiners have thoroughly mastered computer investigation methodologies, as well as the use of Guidance Software's EnCase Forensic 7. The only official Guidance-endorsed study guide on the topic, this book prepares you for the exam with extensive coverage of all exam topics, real-world scenarios, hands-on exercises, up-to-date legal information, and sample evidence files, flashcards, and more.

  • Guides readers through preparation for the newest EnCase Certified Examiner (EnCE) exam

  • Prepares candidates for both Phase 1 and Phase 2 of the exam, as well as for practical use of the certification

  • Covers identifying and searching hardware and file systems, handling evidence on the scene, and acquiring digital evidence using EnCase Forensic 7

  • Includes hands-on exercises, practice questions, and up-to-date legal information

  • Sample evidence files, Sybex Test Engine, electronic flashcards, and more

If you're preparing for the new EnCE exam, this is the study guide you need.

Table of Contents

  1. Cover
  2. Acknowledgments
  3. About the Author
  4. Introduction
  5. Chapter 1: Computer Hardware
    1. Computer Hardware Components
    2. Partitions
    3. File Systems
    4. Summary
    5. Exam Essentials
    6. Review Questions
  6. Chapter 2: File Systems
    1. FAT Basics
    2. NTFS Basics
    3. CD File Systems
    4. exFAT
    5. Summary
    6. Exam Essentials
    7. Review Questions
  7. Chapter 3: First Response
    1. Planning and Preparation
    2. Handling Evidence at the Scene
    3. Summary
    4. Exam Essentials
    5. Review Questions
  8. Chapter 4: Acquiring Digital Evidence
    1. Creating EnCase Forensic Boot Disks
    2. Booting a Computer Using the EnCase Boot Disk
    3. Drive-to-Drive DOS Acquisition
    4. Network Acquisitions
    5. FastBloc/Tableau Acquisitions
    6. FastBloc SE Acquisitions
    7. LinEn Acquisitions
    8. Enterprise and FIM Acquisitions
    9. EnCase Portable
    10. Helpful Hints
    11. Summary
    12. Exam Essentials
    13. Review Questions
  9. Chapter 5: EnCase Concepts
    1. EnCase Evidence File Format
    2. CRC, MD5, and SHA-1
    3. Evidence File Components and Function
    4. New Evidence File Format
    5. Evidence File Verification
    6. Hashing Disks and Volumes
    7. EnCase Case Files
    8. EnCase Backup Utility
    9. EnCase Configuration Files
    10. Evidence Cache Folder
    11. Summary
    12. Exam Essentials
    13. Review Questions
  10. Chapter 6: EnCase Environment
    1. Home Screen
    2. EnCase Layout
    3. Creating a Case
    4. Tree Pane Navigation
    5. Table Pane Navigation
    6. View Pane Navigation
    7. Summary
    8. Exam Essentials
    9. Review Questions
  11. Chapter 7: Understanding, Searching For, and Bookmarking Data
    1. Understanding Data
    2. EnCase Evidence Processor
    3. Searching for Data
    4. Summary
    5. Exam Essentials
    6. Review Questions
  12. Chapter 8: File Signature Analysis and Hash Analysis
    1. File Signature Analysis
    2. Hash Analysis
    3. Summary
    4. Exam Essentials
    5. Review Questions
  13. Chapter 9: Windows Operating System Artifacts
    1. Dates and Times
    2. Recycle Bin
    3. Link Files
    4. Windows Folders
    5. Recent Folder
    6. Desktop Folder
    7. My Documents/Documents
    8. Send To Folder
    9. Temp Folder
    10. Favorites Folder
    11. Windows Vista Low Folders
    12. Cookies Folder
    13. History Folder
    14. Temporary Internet Files
    15. Swap File
    16. Hibernation File
    17. Print Spooling
    18. Legacy Operating System Artifacts
    19. Windows Volume Shadow Copy
    20. Windows Event Logs
    21. Summary
    22. Exam Essentials
    23. Review Questions
  14. Chapter 10: Advanced EnCase
    1. Locating and Mounting Partitions
    2. Mounting Files
    3. Registry
    4. EnScript and Filters
    5. Email
    6. Base64 Encoding
    7. EnCase Decryption Suite
    8. Virtual File System (VFS)
    9. Restoration
    10. Physical Disk Emulator (PDE)
    11. Putting It All Together
    12. Summary
    13. Exam Essentials
    14. Review Questions
  15. Appendix A: Answers to Review Questions
    1. Chapter 1: Computer Hardware
    2. Chapter 2: File Systems
    3. Chapter 3: First Response
    4. Chapter 4: Acquiring Digital Evidence
    5. Chapter 5: EnCase Concepts
    6. Chapter 6: EnCase Environment
    7. Chapter 7: Understanding, Searching For, and Bookmarking Data
    8. Chapter 8: File Signature Analysis and Hash Analysis
    9. Chapter 9: Windows Operating System Artifacts
    10. Chapter 10: Advanced EnCase
  16. Appendix B: Creating Paperless Reports
    1. Exporting the Web Page Report
    2. Creating Your Container Report
    3. Burning the Report to CD or DVD
  17. Appendix C: About the Additional Study Tools
    1. Additional Study Tools
    2. System Requirements
    3. Using the Study Tools
    4. Troubleshooting
  18. Index
  19. Advertisement