4435FM.fm Page i Wednesday, December 21, 2005 10:50 AM EnCase® Computer Forensics The Official EnCE: EnCase® Certified Examiner Study Guide 4435FM.fm Page ii Wednesday, December 21, 2005 10:50 AM 4435FM.fm Page iii Wednesday, December 21, 2005 10:50 AM EnCase® Computer Forensics The Official EnCE: EnCase® Certified Examiner Study Guide Steve Bunting William Wei Wiley Publishing, Inc. 4435FM.fm Page iv Wednesday, December 21, 2005 10:50 AM 4435FM.fm Page v Wednesday, December 21, 2005 10:50 AM Acquisitions and Development Editor: Maureen Adams Technical Editor: Jon Bair Production Editors: Angela Smith, and Daria Meoli Copy Editor: Liz Welch Production Manager: Tim Tate Vice President and Executive Group Publisher: Richard Swadley Vice President and Executive Publisher: Joseph B. Wikert Vice President and Publisher: Neil Edde Media Development Specialist: Angela Denny Book Designer: Judy Fung Compositor: Jeff Wilson, Happenstance Type-O-Rama Proofreader: Jennifer Larsen, Word One Indexer: Nancy Guenther Cover Designer: Richard Miller, Calyx Design Cover Photo Illustration: Anthony DiBello, Guidance Software Cover Image: Getty Images Copyright © 2006 by Wiley Publishing, Inc., Indianapolis, IN Published by Wiley Publishing, Inc., Indianapolis, IN Published simultaneously in Canada ISBN-13: 978-0-7821-4435-2 ISBN-10: 0-7821-4435-7 No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sec- tions 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Pub- lisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600. Requests to the Publisher for per- mission should be addressed to the Legal Department, Wiley Publishing, Inc., 10475 Crosspoint Blvd., Indianap- olis, IN 46256, (317) 572-3447, fax (317) 572-4355, or online at http://www.wiley.com/go/permissions. Limit of Liability/Disclaimer of Warranty: The publisher and the author make no representations or warranties with respect to the accuracy or completeness of the contents of this work and specifically disclaim all warranties, includ- ing without limitation warranties of fitness for a particular purpose. No warranty may be created or extended by sales or promotional materials. The advice and strategies contained herein may not be suitable for every situation. This work is sold with the understanding that the publisher is not engaged in rendering legal, accounting, or other professional services. If professional assistance is required, the services of a competent professional person should be sought. Neither the publisher nor the author shall be liable for damages arising herefrom. The fact that an orga- nization or Website is referred to in this work as a citation and/or a potential source of further information does not mean that the author or the publisher endorses the information the organization or Website may provide or recom- mendations it may make. Further, readers should be aware that Internet Websites listed in this work may have changed or disappeared between when this work was written and when it is read. For general information on our other products and services or to obtain technical support, please contact our Customer Care Department within the U.S. at (800) 762-2974, outside the U.S. at (317) 572-3993 or fax (317) 572-4002. Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may not be available in electronic books. TRADEMARKS: Wiley, the Wiley logo, and the Sybex logo are trademarks or registered trademarks of John Wiley & Sons, Inc. and/or its affiliates, in the United States and other countries, and may not be used without written per- mission. Microsoft and Visual Basic are registered trademarks of Microsoft Corporation in the United States and/or other countries. All other trademarks are the property of their respective owners. EnCase® is a registered trademark of Guidance Software, Inc. in the United States and other jurisdictions. Copyright ©1998-2006 Guidance Software, Inc. All Rights Reserved. Wiley Publishing, Inc., is not associated with any product or vendor mentioned in this book. Manufactured in the United States of America 10 9 8 7 6 5 4 3 2 1 4435FM.fm Page vi Wednesday, December 21, 2005 10:50 AM 4435FM.fm Page vii Wednesday, December 21, 2005 10:50 AM To Our Valued Readers: Thank you for looking to Sybex for your EnCase® Certified Examiner (EnCE) exam prep needs. The Sybex team is proud of its reputation for providing certification candidates with the practical knowledge and skills needed to succeed in the highly competitive IT marketplace. We are especially proud of the partnership we have formed with Guidance Software, the lead- ing computer forensics software company, to produce this official EnCase Computer Foren- sics Study Guide. Just as Guidance Software is committed to establishing measurable standards for certifying individuals who perform forensic investigation and analysis with EnCase software, Sybex is committed to providing those individuals with the skills needed to meet those standards. The authors and editors have worked hard to ensure that the book you hold in your hands is comprehensive, in-depth, and pedagogically sound. We’re confident that this book will exceed the demanding standards of the certification marketplace and help you, the EnCE can- didate, succeed in your endeavors. As always, your feedback is important to us. If you believe you’ve identified an error in the book, please visit the Customer Support section of the Wiley website. And if you have general comments or suggestions, feel free to drop me a line directly at [email protected]. At Sybex we’re continually striving to meet the needs of individuals preparing for certification exams. Good luck in pursuit of your EnCE! Neil Edde Vice President & Publisher Wiley Publishing, Inc. 4435FM.fm Page viii Wednesday, December 21, 2005 10:50 AM 4435FM.fm Page ix Wednesday, December 21, 2005 10:50 AM Wiley Publishing Inc End-User License Agreement READ THIS. You should carefully read these terms and in materials or workmanship, WPI will replace the defec- conditions before opening the software packet(s) included tive Software Media. (b) WPI AND THE AUTHOR OF with this book “Book”. This is a license agreement “Agree- THE BOOK DISCLAIM ALL OTHER WARRANTIES, ment” between you and Wiley Publishing, Inc.“WPI”. By EXPRESS OR IMPLIED, INCLUDING WITHOUT LIM- opening the accompanying software packet(s), you ITATION IMPLIED WARRANTIES OF MERCHANT- acknowledge that you have read and accept the following ABILITY AND FITNESS FOR A PARTICULAR terms and conditions. If you do not agree and do not want PURPOSE, WITH RESPECT TO THE SOFTWARE, to be bound by such terms and conditions, promptly return THE PROGRAMS, THE SOURCE CODE CON- the Book and the unopened software packet(s) to the place TAINED THEREIN, AND/OR THE TECHNIQUES you obtained them for a full refund. DESCRIBED IN THIS BOOK. WPI DOES NOT WAR- 1. License Grant. WPI grants to you (either an individual RANT THAT THE FUNCTIONS CONTAINED IN or entity) a nonexclusive license to use one copy of the THE SOFTWARE WILL MEET YOUR REQUIRE- enclosed software program(s) (collectively, the “Software” MENTS OR THAT THE OPERATION OF THE SOFT- solely for your own personal or business purposes on a sin- WARE WILL BE ERROR FREE. (c) This limited warranty gle computer (whether a standard computer or a worksta- gives you specific legal rights, and you may have other tion component of a multi-user network). The Software is rights that vary from jurisdiction to jurisdiction. in use on a computer when it is loaded into temporary 6. Remedies. (a) WPI’s entire liability and your exclusive memory (RAM) or installed into permanent memory (hard remedy for defects in materials and workmanship shall be disk, CD-ROM, or other storage device). WPI reserves all limited to replacement of the Software Media, which may rights not expressly granted herein. be returned to WPI with a copy of your receipt at the fol- 2. Ownership. WPI is the owner of all right, title, and inter- lowing address: est, including copyright, in and to the compilation of the Software Media Fulfillment Department, Software recorded on the disk(s) or CD-ROM “Software Media”. Copyright to the individual programs recorded Attn.: EnCase Computer Forensics The Official ENCE: on the Software Media is owned by the author or other EnCase Certified Examiner Study Guide authorized copyright owner of each program. Ownership Wiley Publishing, Inc., 10475 of the Software and all proprietary rights relating thereto Crosspoint Blvd., Indianapolis, IN 46256, remain with WPI and its licensers. or call 1-800-762-2974. 3. Restrictions On Use and Transfer. (a) You may only (i) make one copy of the Software for backup or archival pur- Please allow four to six weeks for delivery. This Limited poses, or (ii) transfer the Software to a single hard disk, Warranty is void if failure of the Software Media has provided that you keep the original for backup or archival resulted from accident, abuse, or misapplication. Any purposes. You may not (i) rent or lease the Software, (ii) replacement Software Media will be warranted for the copy or reproduce the Software through a LAN or other remainder of the original warranty period or thirty (30) network system or through any computer subscriber sys- days, whichever is longer. (b) In no event shall WPI or the tem or bulletin- board system, or (iii) modify, adapt, or cre- author be liable for any damages whatsoever (including ate derivative works based on the Software.
File Typepdf
Upload Time-
Content LanguagesEnglish
Upload UserAnonymous/Not logged-in
File Pages521 Page
File Size-