

So, as the raw images and the EnCase images are in the same format, I chose the EnCase one. A hex editor is a first step to represent this data in hex format, in a more structured way (that's just an example; there is no need to do this step to continue reading the article). It's not quite human readable, and in fact it's not meant to be: a computer program will do it for you, interpreting the raw data into a human-readable format. What are these symbols? They are just the Unicode representation of the raw data encoded on the hard disk drive.
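To show the difference between a hex view and a program interpreting the raw data, here is an added example that is not from the original article: it dumps bytes the way a hex editor would and then reads the same bytes as a partition table. It assumes the raw image starts with a classic MBR sector of 512 bytes; the sector is constructed sample data, not taken from the NIST image, and the function names are illustrative.

```python
import struct

SECTOR = 512  # assumed sector size for this constructed sample

def build_sample_sector():
    """Constructed first sector: empty boot code, one partition entry, 0x55AA signature."""
    sector = bytearray(SECTOR)
    # status 0x80 (bootable), CHS start, type 0x0B (FAT32), CHS end, LBA start, sector count
    sector[446:462] = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x0B,
                                  b"\xfe\xff\xff", 63, 204800)
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)

def hexdump(data, offset=0, width=16):
    """Return hex-editor style lines: offset, hex bytes, printable ASCII."""
    lines = []
    for i in range(0, len(data), width):
        chunk = data[i:i + width]
        hexpart = " ".join(f"{b:02x}" for b in chunk)
        text = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
        lines.append(f"{offset + i:08x}  {hexpart:<{width * 3 - 1}}  |{text}|")
    return lines

def parse_mbr(sector):
    """Interpret the four 16-byte partition entries that start at offset 446."""
    if len(sector) < SECTOR or sector[510:512] != b"\x55\xaa":
        raise ValueError("no 0x55AA boot signature at offset 510")
    partitions = []
    for n in range(4):
        raw = sector[446 + 16 * n:462 + 16 * n]
        status, _, ptype, _, lba_start, count = struct.unpack("<B3sB3sII", raw)
        if ptype == 0:  # type 0x00 marks an unused slot
            continue
        partitions.append({"slot": n, "bootable": status == 0x80, "type": ptype,
                           "lba_start": lba_start, "size_bytes": count * SECTOR})
    return partitions

if __name__ == "__main__":
    sample = build_sample_sector()
    print("\n".join(hexdump(sample[432:], offset=432)))  # what the hex editor shows
    for p in parse_mbr(sample):                           # what the program makes of it
        print(p)
```
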

It will be a file full of exotic symbols, which you can see for yourself just by clicking on one of the image links. The final format of the image will be the same, whether using the disk drive image or the EnCase image. An EnCase image was obtained using the EnCase Imager software. It has far-reaching capabilities for forensic analysis. Where to start? We have a disk drive image (split into 8 parts) and also an EnCase image... what is the difference? Should we consider both in our analysis, or is choosing one of the two images OK? EnCase is one of the most popular computer forensics solutions available. A hard disk drive image has been generated and made available to us for analysis. This is quite vintage: an old Dell CPi notebook computer has been found, and it is suspected that a so-called hacking suspect, "Greg Schardt", is the owner of this device. There have been several reviews of this case already with published solutions, so I hope that my article brings some value to you guys.

In this first article, I have taken a test image called "Hacking Case". On the home page, please follow the link to the NIST website, where you can access several test images. I found an excellent website for this, where you can practically train yourself in computer forensics. Instead of writing a general or theoretical article, I decided to search for test images and provide a technical walkthrough of simulated test images. In the following articles, I will focus on computer forensics techniques.
