Last week I've been doing very pleasant and intense but still very exhausting EnCase training
Forensic 2 and Transition in 7 days in row. It was for 2 attendees, so more discussion than real training with a lot of time to go trough things, do variations etc.
We have done some scenarios with USB devices and processing, very interesting with some surprises :)
It was very challenging and take a lot of from all of us especially since we put effort on solving some practical problems, I finally get confirmation both attendees survived harsh tempo and EnCase peculiarities.
Version we used is v7,10.01 which is last release, more stable than previous but since not as reliable as now almost formally abandoned version 6. We used processed cases as backup and done real processing during lunch breaks, it was about 1 minute for 1 GB processing time, what is acceptable for small educational images. Caches are now much more stable and indexing is working acceptably, but there are quirks while new views are generated on evidence trough filters and conditions. Missing conditions in bookmarks and some other views are extremely annoying but as user can't do much.
Forensic 2 and Transition in 7 days in row. It was for 2 attendees, so more discussion than real training with a lot of time to go trough things, do variations etc.
We have done some scenarios with USB devices and processing, very interesting with some surprises :)
It was very challenging and take a lot of from all of us especially since we put effort on solving some practical problems, I finally get confirmation both attendees survived harsh tempo and EnCase peculiarities.
Version we used is v7,10.01 which is last release, more stable than previous but since not as reliable as now almost formally abandoned version 6. We used processed cases as backup and done real processing during lunch breaks, it was about 1 minute for 1 GB processing time, what is acceptable for small educational images. Caches are now much more stable and indexing is working acceptably, but there are quirks while new views are generated on evidence trough filters and conditions. Missing conditions in bookmarks and some other views are extremely annoying but as user can't do much.
No comments:
Post a Comment