Chapter 10 Advanced EnCase

EnCE Exam Topics Covered in This Chapter:

Locating and mounting partitions (partition recovery)
Mounting files
Windows registry
EnScripts and filters
Email
Base64 encoding
EnCase Decryption Suite (EDS)
Virtual File System (VFS)
Restoration
Physical Disk Emulator (PDE)

This book’s final chapter is a collection of advanced analysis concepts and tools. It begins with working with deleted partitions. I’ll rely heavily on concepts covered in Chapter 2 as I explain the MBR, the VBR, and recovered deleted partitions.

There are a large number of complex files that can be “mounted” within EnCase for further examination and analysis. In this chapter, I’ll describe the various ones supported, how they are mounted, and what ...

Get EnCE EnCase Computer Forensics: The Official EnCase Certified Examiner Study Guide, 3rd Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

EnCE EnCase Computer Forensics: The Official EnCase Certified Examiner Study Guide, 3rd Edition by

Chapter 10

Advanced EnCase

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly