Podcast
Questions and Answers
When creating a new case, which of the following fields are required?
When creating a new case, which of the following fields are required?
- Case Description, Examiner Name, Evidence Location
- Examiner Initials, Case Notes, Hash Value List
- Case Name, Case Folder Directory, Processing Profile (correct)
- Evidence Type, Time Zone, Case Number
Customizing processing options is only possible when initially creating a case and cannot be modified later.
Customizing processing options is only possible when initially creating a case and cannot be modified later.
False (B)
What are two ways you can refine evidence during the evidence processing stage?
What are two ways you can refine evidence during the evidence processing stage?
Type/Status, Date/Size
When refining the index, you can exclude items by global or __________ categories.
When refining the index, you can exclude items by global or __________ categories.
Which of the following is NOT a type of evidence that can be selected when managing evidence in a case?
Which of the following is NOT a type of evidence that can be selected when managing evidence in a case?
When adding forensic images as evidence, which of the following options is available?
When adding forensic images as evidence, which of the following options is available?
When FTK converts FAT times to GMT, the time is converted to local time in the case database.
When FTK converts FAT times to GMT, the time is converted to local time in the case database.
What consideration should be given to removable media regarding FTK time zone settings?
What consideration should be given to removable media regarding FTK time zone settings?
Name two examiner template options available for cases after creation.
Name two examiner template options available for cases after creation.
Changes made in the 'Processing Options' are a one time change or can be saved in a __________ profile for later use.
Changes made in the 'Processing Options' are a one time change or can be saved in a __________ profile for later use.
Processing options must be customized or modified per case.
Processing options must be customized or modified per case.
What time zone are FAT times converted to in the case database?
What time zone are FAT times converted to in the case database?
When refining evidence by Type/Status, what does this process primarily determine?
When refining evidence by Type/Status, what does this process primarily determine?
When dealing with removable media and time zone settings, the system should attempt to get the settings of associated ______ if they exist.
When dealing with removable media and time zone settings, the system should attempt to get the settings of associated ______ if they exist.
Match the evidence selection options with their corresponding descriptions:
Match the evidence selection options with their corresponding descriptions:
What is the purpose of examiner templates?
What is the purpose of examiner templates?
Changes made to processing options are always saved to a custom profile for later use.
Changes made to processing options are always saved to a custom profile for later use.
Besides Type/Status, what is another option for refining evidence during case creation?
Besides Type/Status, what is another option for refining evidence during case creation?
During Index Refinement, what is the effect of excluding specific categories?
During Index Refinement, what is the effect of excluding specific categories?
Flashcards
AccessData Case
AccessData Case
A named container for forensic investigations, containing evidence and settings.
Required Case Fields
Required Case Fields
Case Name, Case Folder Directory, and Processing Profile.
Processing Profile
Processing Profile
A set of pre-defined or custom settings that dictates how evidence is processed.
Customize Processing
Customize Processing
Signup and view all the flashcards
Evidence Refinement
Evidence Refinement
Signup and view all the flashcards
Index Refinement
Index Refinement
Signup and view all the flashcards
Case Evidence Types
Case Evidence Types
Signup and view all the flashcards
Evidence Group
Evidence Group
Signup and view all the flashcards
FTK Time Zone Handling
FTK Time Zone Handling
Signup and view all the flashcards
Examiner Templates
Examiner Templates
Signup and view all the flashcards
New Case Creation
New Case Creation
Signup and view all the flashcards
Profile Selection
Profile Selection
Signup and view all the flashcards
Processing Options Adjustments
Processing Options Adjustments
Signup and view all the flashcards
Managing Evidence
Managing Evidence
Signup and view all the flashcards
Evidence Refinement Choices
Evidence Refinement Choices
Signup and view all the flashcards
Index Refinement Choices
Index Refinement Choices
Signup and view all the flashcards
Types of Case Evidence
Types of Case Evidence
Signup and view all the flashcards
Examiner Template Options
Examiner Template Options
Signup and view all the flashcards
Template Differences
Template Differences
Signup and view all the flashcards
Study Notes
- This module covers AccessData case creation.
- Includes new case creation steps, profile selection, processing options adjustments, managing evidence, and examiner templates.
Creating and Opening Cases
- To create a new case, navigate to File > Cases > New
Creating a New Case
- Creating a new case requires three fields.
- Namely Case Name, Case Folder Directory, and Selecting a Processing Profile.
- All other fields are optional.
Processing Profile Selection
- Can select either a prebuilt processing profile or a custom evidence processing profile.
Customize Processing Options
- Processing options can be customized or modified per case
- Changes to processing options may be desired for processing options, evidence refinement, index refinement, and/or custom file identifiers.
Processing Options
- All processing options are available in the detailed options.
- Changes made to processing options can be either for one time use or saved in a custom profile for later use.
Evidence Refinement
- Choices made here will define which items from the evidence are included in the case.
- Excluded items will not be visible within the case.
- One can refine by Type/Status or Date/Size.
Index Refinement
- Choices will determine what evidence is inculded or excluded in the Index.
- Can refine by Type/Status or Date/Size.
- Can exclude by global or specific categories.
Manage Evidence
- Evidence can be managed by the user here.
Selecting Case Evidence
- The user will be able to select case evidence.
- Forensic Images can be added, which include Acquired Image, and All Images in a Directory.
- Live Evidence can be added, which includes Contents of Directory, Individual File, Physical Drive, and Logical Drive.
Evidence Group
- You can allow the user to group evidence items.
Refinement Options
- You can select which Refinement Options to use for the current case
FTK Time Zone Settings
- FTK requires the selection of a time zone for all evidence items.
- FAT times are converted to GMT in the case database.
- For removable media, use the settings of associated computers if they exist.
- If the previous settings do not exist, use local settings.
Examiner Templates
- Choosing a template provides options for "Full" and "Reduced"
- Templates are available upon repeatedly opening cases after creation
- Can be set by choosing the "Remember Selection" option.
Studying That Suits You
Use AI to generate personalized quizzes and flashcards to suit your learning preferences.
Related Documents
Description
Learn how to create a new case in AccessData, including selecting processing profiles and customizing processing options. This module covers managing evidence, adjusting processing options, and using examiner templates for efficient case handling. Master case creation steps and profile selection for effective digital investigations.
