Description

Book Synopsis
The official, Guidance Software-approved book on the newest EnCE exam!

The EnCE exam tests that computer forensic analysts and examiners have thoroughly mastered computer investigation methodologies, as well as the use of Guidance Software's EnCase Forensic 7. The only official Guidance-endorsed study guide on the topic, this book prepares you for the exam with extensive coverage of all exam topics, real-world scenarios, hands-on exercises, up-to-date legal information, and sample evidence files, flashcards, and more.

  • Guides readers through preparation for the newest EnCase Certified Examiner (EnCE) exam
  • Prepares candidates for both Phase 1 and Phase 2 of the exam, as well as for practical use of the certification
  • Covers identifying and searching hardware and file systems, handling evidence on the scene, and acquiring digital evidence using EnCase Forensic 7
  • Includes hands-on exercises, practice questions, and up-to-date legal inform

    Table of Contents

    Introduction xxi

    Assessment Test xxvii

    Chapter 1 Computer Hardware 1

    Computer Hardware Components 2

    The Boot Process 14

    Partitions 20

    File Systems 25

    Summary 27

    Exam Essentials 27

    Review Questions 28

    Chapter 2 File Systems 33

    FAT Basics 34

    The Physical Layout of FAT 36

    Viewing Directory Entries Using EnCase 52

    The Function of FAT 58

    NTFS Basics 73

    CD File Systems 77

    exFAT 79

    Summary 83

    Exam Essentials 84

    Review Questions 85

    Chapter 3 First Response 89

    Planning and Preparation 90

    The Physical Location 91

    Personnel 91

    Computer Systems 92

    What to Take with You Before You Leave 94

    Search Authority 97

    Handling Evidence at the Scene 98

    Securing the Scene 98

    Recording and Photographing the Scene 99

    Seizing Computer Evidence 99

    Bagging and Tagging 110

    Summary 113

    Exam Essentials 113

    Review Questions 115

    Chapter 4 Acquiring Digital Evidence 119

    Creating EnCase Forensic Boot Disks 121

    Booting a Computer Using the EnCase Boot Disk 124

    Seeing Invisible HPA and DCO Data 125

    Other Reasons for Using a DOS Boot 126

    Steps for Using a DOS Boot 126

    Drive-to-Drive DOS Acquisition 128

    Steps for Drive-to-Drive DOS Acquisition 128

    Supplemental Information About Drive-to-Drive DOS Acquisition 132

    Network Acquisitions 135

    Reasons to Use Network Acquisitions 135

    Understanding Network Cables 136

    Preparing an EnCase Network Boot Disk 137

    Preparing an EnCase Network Boot CD 138

    Steps for Network Acquisition 138

    FastBloc/Tableau Acquisitions 151

    Available FastBloc Models 151

    FastBloc 2 Features 152

    Steps for Tableau (FastBloc) Acquisition 154

    FastBloc SE Acquisitions 163

    About FastBloc SE 163

    Steps for FastBloc SE Acquisitions 164

    LinEn Acquisitions 168

    Mounting a File System as Read-Only 168

    Updating a Linux Boot CD with the Latest Version of LinEn 169

    Running LinEn 171

    Steps for LinEn Acquisition 173

    Enterprise and FIM Acquisitions 176

    EnCase Portable 180

    Helpful Hints 188

    Summary 189

    Exam Essentials 192

    Review Questions 194

    Chapter 5 EnCase Concepts 199

    EnCase Evidence File Format 200

    CRC, MD5, and SHA-1 201

    Evidence File Components and Function 202

    New Evidence File Format 206

    Evidence File Verification 207

    Hashing Disks and Volumes 215

    EnCase Case Files 217

    EnCase Backup Utility 220

    EnCase Configuration Files 227

    Evidence Cache Folder 231

    Summary 233

    Exam Essentials 235

    Review Questions 236

    Chapter 6 EnCase Environment 241

    Home Screen 242

    EnCase Layout 246

    Creating a Case 249

    Tree Pane Navigation 255

    Table Pane Navigation 266

    Table View 266

    Gallery View 275

    Timeline View 277

    Disk View 280

    View Pane Navigation 284

    Text View 284

    Hex View 287

    Picture View 288

    Report View 289

    Doc View 289

    Transcript View 290

    File Extents View 291

    Permissions View 291

    Decode View 292

    Field View 294

    Lock Option 294

    Dixon Box 294

    Navigation Data (GPS) 295

    Find Feature 297

    Other Views and Tools 298

    Conditions and Filters 298

    EnScript 299

    Text Styles 299

    Adjusting Panes 300

    Other Views 306

    Global Views and Settings 306

    EnCase Options 310

    Summary 318

    Exam Essentials 320

    Review Questions 321

    Chapter 7 Understanding, Searching For, and Bookmarking Data 325

    Understanding Data 327

    Binary Numbers 327

    Hexadecimal 333

    Characters 336

    ASCII 337

    Unicode 338

    EnCase Evidence Processor 340

    Searching for Data 352

    Creating Keywords 353

    GREP Keywords 364

    Starting a Search 373

    Viewing Search Hits and Bookmarking Your Findings 376

    Bookmarking 377

    Summary 426

    Exam Essentials 428

    Review Questions 430

    Chapter 8 File Signature Analysis and Hash Analysis 435

    File Signature Analysis 436

    Understanding Application Binding 437

    Creating a New File Signature 438

    Conducting a File Signature Analysis 442

    Hash Analysis 449

    MD5 Hash 449

    Hash Sets and Hash Libraries 449

    Hash Analysis 462

    Summary 466

    Exam Essentials 468

    Review Questions 469

    Chapter 9 Windows Operating System Artifacts 473

    Dates and Times 475

    Time Zones 475

    Windows 64-Bit Time Stamp 476

    Adjusting for Time Zone Offsets 481

    Recycle Bin 487

    Details of Recycle Bin Operation 488

    The INFO2 File 488

    Determining the Owner of Files in the Recycle Bin 493

    Files Restored or Deleted from the Recycle Bin 494

    Using an EnCase Evidence Processor to Determine the Status of Recycle Bin Files 496

    Recycle Bin Bypass 498

    Windows Vista/Windows 7 Recycle Bin 500

    Link Files 504

    Changing the Properties of a Shortcut 504

    Forensic Importance of Link Files 505

    Using the Link File Parser 509

    Windows Folders 511

    Recent Folder 515

    Desktop Folder 516

    My Documents/Documents 518

    Send To Folder 518

    Temp Folder 519

    Favorites Folder 520

    Windows Vista Low Folders 521

    Cookies Folder 523

    History Folder 526

    Temporary Internet Files 532

    Swap File 535

    Hibernation File 536

    Print Spooling 537

    Legacy Operating System Artifacts 543

    Windows Volume Shadow Copy 544

    Windows Event Logs 549

    Kinds of Information Available in Event Logs 549

    Determining Levels of Auditing 552

    Windows Vista/7 Event Logs 554

    Using the Windows Event Log Parser 555

    For More Information 558

    Summary 559

    Exam Essentials 564

    Review Questions 566

    Chapter 10 Advanced EnCase 571

    Locating and Mounting Partitions 573

    Mounting Files 588

    Registry 595

    Registry History 595

    Registry Organization and Terminology 596

    Using EnCase to Mount and View the Registry 601

    Registry Research Techniques 605

    EnScript and Filters 608

    Running EnScripts 609

    Filters and Conditions 611

    Email 614

    Base64 Encoding 619

    EnCase Decryption Suite 622

    Virtual File System (VFS) 629

    Restoration 633

    Physical Disk Emulator (PDE) 636

    Putting It All Together 641

    Summary 645

    Exam Essentials 648

    Review Questions 649

    Appendix A Answers to Review Questions 653

    Chapter 1: Computer Hardware 654

    Chapter 2: File Systems 655

    Chapter 3: First Response 657

    Chapter 4: Acquiring Digital Evidence 658

    Chapter 5: EnCase Concepts 659

    Chapter 6: EnCase Environment 661

    Chapter 7: Understanding, Searching For, and Bookmarking Data 662

    Chapter 8: File Signature Analysis and Hash Analysis 663

    Chapter 9: Windows Operating System Artifacts 664

    Chapter 10: Advanced EnCase 665

    Appendix B Creating Paperless Reports 667

    Exporting the Web Page Report 669

    Creating Your Container Report 671

    Bookmarks and Hyperlinks 675

    Burning the Report to CD or DVD 678

    Appendix C About the Additional Study Tools 681

    Additional Study Tools 682

    Sybex Test Engine 682

    Electronic Flashcards 682

    PDF of Glossary of Terms 682

    Adobe Reader 682

    Additional Author Files 683

    System Requirements 683

    Using the Study Tools 683

    Troubleshooting 683

    Customer Care 684

    Index 685

EnCase Computer Forensics The Official EnCE


A Paperback / softback by Steve Bunting


    Publisher: John Wiley & Sons Inc
    Publication Date: 07/09/2012
    ISBN13: 9780470901069, 978-0470901069
    ISBN10: 0470901063
