Tuesday, December 3, 2013

Olaf training

I'm doing training for the OLAF program in Opatija; currently my courses are EnCase Forensic II and
EnCase Mac and Linux Forensics. Preparations for this event were my occupation for the last few weeks.

There are some very interesting experiences related to the machines and tools used. There are about 200 PCs with the same HW and SW configuration (there are differences in the number of disks, since EnCase v7 requires 3 disks to work efficiently). It is actually a good statistical test sample. What is interesting is the variation in the behavior of the forensic tools. The HW is practically from the same batch of serial numbers and the SW is a cloned installation; it is interesting to see how the tools act, especially how reported errors influence the outcomes of forensic tasks. Up to this moment we have had only two such situations: first, when the partition finder script failed, and second, when the evidence processor module reported an error and was unable to finish processing and create the required records folders. It was about 25% of the machines that had an impact on the correctness of the results.

1 comment:

  1. Awesome post!

    You have a blog post with very nice information. I am a regular reader of the blog. I like your great job.

    Keep sharing.....

    Thanks

    Digital Forensics Course Mexico
