Summary

In this chapter, I covered file signature analysis and hash analysis. File signature analysis is a tool or process used within EnCase to identify a file by its header information, if it exists, rather than by the default method, which is file extension. File header and extension information is stored in a database in the file FileTypes.ini. File signature information can be added, deleted, or modified in the File Types view, which is a global view.
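As an added illustration (not code from the book or from EnCase), the sketch below shows the header-versus-extension comparison that a file signature analysis performs. The signature table, sample bytes, function names and verdict labels are all constructed for this example and do not reflect the contents of FileTypes.ini.

```python
import os

# Constructed signature table: (type name, header bytes, accepted extensions).
# A small stand-in for a file-types database, not EnCase's own data.
SIGNATURES = [
    ("JPEG image", b"\xff\xd8\xff", {"jpg", "jpeg"}),
    ("PNG image", b"\x89PNG\r\n\x1a\n", {"png"}),
    ("PDF document", b"%PDF-", {"pdf"}),
    ("ZIP archive", b"PK\x03\x04", {"zip"}),
]


def identify_by_header(data):
    """Return (type name, accepted extensions) for a known header, else None."""
    for name, magic, exts in SIGNATURES:
        if data.startswith(magic):
            return name, exts
    return None


def extension_is_known(ext):
    """True if any entry in the table claims this extension."""
    return any(ext in exts for _, _, exts in SIGNATURES)


def analyze(filename, data):
    """Compare header and extension; return (verdict, type identified by header)."""
    ext = os.path.splitext(filename)[1].lstrip(".").lower()
    hit = identify_by_header(data)
    if hit:
        name, exts = hit
        # Header is recognized: the header, not the extension, decides the type.
        verdict = "match" if ext in exts else "header/extension mismatch"
        return verdict, name
    if extension_is_known(ext):
        # Extension claims a known type, but the header does not support it.
        return "extension known, header wrong", None
    return "unknown", None


if __name__ == "__main__":
    # Constructed sample inputs: (file name, first bytes of the file).
    samples = [
        ("holiday.jpg", b"\xff\xd8\xff\xe0\x00\x10JFIF"),
        ("notes.txt", b"\xff\xd8\xff\xe1\x00\x18Exif"),  # JPEG renamed to .txt
        ("report.pdf", b"MZ\x90\x00"),                   # header is not PDF
        ("data.bin", b"\x00\x01\x02\x03"),
    ]
    for name, head in samples:
        print(name, analyze(name, head))
```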

Until a file signature analysis is run, which occurs by default when the EnCase Evidence Processor runs, EnCase relies on a file’s extension to determine its file type, which will in turn determine the viewer used to display the data. Once a file signature analysis is run, EnCase will view ...
