Using EnCase? Extend EnCase Evidence Gathering Capabilities with Belkasoft Evidence Center

Are you an EnCase user? You can greatly extend the product’s evidence gathering capabilities by using it together with Belkasoft Evidence Center! In this blog post we’ll tell you how to get the most out of the two forensic products.

Working in digital forensics, you probably already know everything about Guidance EnCase. In case you don’t, check out Guidance Software Web site to learn about the de-facto standard digital forensic tool.

Today we’ll be talking about using our own tool, Belkasoft Evidence Center, to expand data extraction capabilities of Guidance EnCase. If you are regularly reading our blog, Evidence Center makes it easy for an investigator to search computer hard drives, disk images and snapshots of the computer’s volatile memory for many types of digital evidence. I won’t list all of its features here; do visit our Web site to read about the product, and we’ll move on to the topic of integrating EnCase with Belkasoft Evidence Center.

How Belkasoft Evidence Center Integrates with EnCase

Evidence Center is tightly integrated with the latest version of Guidance EnCase, allowing investigators to acquire the many types of evidence supported by Evidence Center via the familiar EnCase user interface. After performing the acquisition, collected data can be investigated with EnCase’ powerful analysis features.

Thanks to the integration of Belkasoft Evidence Center with the EnCase family of forensic products, EnCase users can easily access information collected by Evidence Center. The integration is implemented via the free “BelkasoftDataImport” plugin allowing EnCase users to seamlessly access information collected by Belkasoft Evidence Center.

Integration Benefits

With the integration of the two powerful forensic products, EnCase users gain access to powerful data search and carving abilities provided by Belkasoft Evidence Center. Belkasoft Evidence Center is designed specifically to collect information about suspects’ communications and online activities such as chats, postings and comments they make over a wide range of carriers. Its ability to carve data from allocated, unallocated or entire disk space sets it apart from similar tools, while its ability to capture and carve raw memory dumps makes it possible to discover many types of ephemeral evidence.

Integrating Evidence Center with Guidance Software EnCase

To start using Evidence Center, you will need to install the tool first. Obtain an EnCase integration script http://forensic.belkasoft.com/en/bec/en/EnCase_integration.asp and install it by placing the BelkasoftDataImport.EnPack file into your EnCase script folder (normally, that would be “C:\Program Files\EnCase7\EnScript\EvidenceProcessor\”).

You will also need to place the script license file BelkasoftIntegration.EnLicense to your EnCase license folder (normally, “C:\Program Files\EnCase7\License\”).

In a final integration step, open the “ModuleList.EnScript” in “C:\EnScript\EvidenceProcessor\”. If this file does not exist, create it. Add the following string: include “BelkasoftDataImport.EnPack”

Congratulations! You have just completed the integration, and can start using Evidence Center.
Start Using Evidence Center

To start using Evidence Center, first add some evidence files to your case. Open “Evidence Processor” and select an evidence file you would like to analyze. You should see the “Belkasoft Data Import” module available in the module list. Tick the box and click OK.

Belkasoft Evidence Center will be launched. You will be prompted whether you’d like to carve data or analyze existing files. You can skip either option by clicking the Cancel button in the corresponding dialog.

Wait until all tasks are finished. During the analysis you can cancel any task in the Task Manager window. When all tasks are finished, close Evidence Center. Once you’ve done that, the data will be imported into EnCase automatically. It’s that easy!

Using EnCase to Analyze Evidence Collected with Belkasoft Evidence Center

Now we’re up to analyzing the data collected by Evidence Center. In EnCase, navigate to the Records node, select drive image you’ve just analyzed, and open “Belkasoft Data Import – Records”.

Under “Belkasoft Data Import – Records”, you will find the results extracted by Belkasoft Evidence Center.

Buying Belkasoft Evidence Center

Belkasoft Evidence Center is available in EnCase AppCentral as well as from Belkasoft Web site.

Advertisements
Post a comment or leave a trackback: Trackback URL.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: