AccessData Case Creation - Training Slides - PDF

AccessData Case Creation Module Objectives New Case Creation Steps Profile Selection Processing Options adjustments Managing Evidence Examiner Templates Creating and Opening Cases Creating a New Case Three Required Fields Case Name Case Folder Directory Select Processing Profile Other Fields Optional Processing Profile Selection Select a prebuilt processing profile or… A Custom Evidence Processing Profile Customize Processing Options Processing options can be customized or modified per case Changes may be desired for Processing Options Evidence Refinement Index Refinement Custom File Identifiers Processing Options All processing options are available here Changes here can be a one time change or saved in a custom profile for later use Evidence Refinement Choices here define items in the evidence that are included in the case Excluded items should not be seen within the case Refine by: Type/Status Date/Size Index Refinement Choices here define inclusion or exclusion in the Index Refine by: Type/Status Date/Size Can exclude by global or specific categories Manage Evidence Selecting Case Evidence Selecting Case Evidence Forensic Images Acquired Image All Images in Directory Live Evidence Contents of Directory Individual File Physical Drive Logical Drive Evidence Group Refinement Options FTK Time Zone Settings FTK requires selection of a time zone for all evidence items FAT times are converted to GMT in the case database Removable Media − Should get the settings of associated computers if they exist − Use local settings if they do not Examiner Templates Template options Full Reduced Available upon each subsequent opening of case, after creation Can be set by choosing “Remember Selection” Examiner Templates Full Reduced Module Review New Case Creation Steps Profile Selection Processing Options adjustments Managing Evidence Examiner Templates

AccessData Case Creation - Training Slides - PDF

Document Details

Tags

Related

Summary

Full Transcript