hey i guttman 35 passed my entire free disc space can shit still be recovered using this program??????????????????

Apologies for the dumb question, but will this software uncover an originating IP for the data from a USB?

Hello.. Hi.. I just completed my computer forensics degree .... i am trying to upgrade my knowledge in digital forensics. could anyone please advice me whether FTK or Encase.. among these two which is the best course for career... could anyone please let me know...

from where did you download and what is the license key!!

please help!!

@adityaiswest RAPIDSHARE ;)

Nice tool, but basic. There are free programs, live CDs out there that are much better - and free. Real security and real forensic work is done with Linux, not Windows.

@RoadieRon lol... EnCase is used in FBI Forensics Labs... Most work is done on Wintel boxes... You're grossly misinformed.

BTW, the version in this video is pretty dated so theres that too.

@skingbinsane If you believe that is the only tool they use, you are sadly misinformed. Windows lacks certain tools and abilities found in other operating systems and tools under them.

@RoadieRon Where did I say it was the "only tool used?" I'm not pulling this info out of thin air, I have talked with a director at a RCFL and was given a brief on the lab at the different platforms used and the main software used... They also use FTK by the way... They have pretty much everything to deal with a hardware and software configuration including every imaginable legacy system you can think of.

@skingbinsane very true. They do have many tools. I work in the security field with the us military, law enforcement and also wit hthose often-3-letter-agencies of the us government. autopsy, photorec, C.A.I.N.E, D.E.F.T, EnCase,FTK, scalpel, and many other tools are used. Getting data is important, but Computer Forensics is also largely *HOW* and *WHY* you got the data, lest it not be admissable in a court of law.

@RoadieRon bullcrap.

@quelorepario whatever.....

When I do this for the local drive it says:

"none of the selected devices are available"

Can anyone help with this?

@viewervideo011242234 must run as Administrator

EnCase and in fact no forensic tools I've seen recently cannot counter the anti-forensic tools eg linux tools, encryption and wiping tools (if done correctly.)

These forensic tools are okay against the user that knows nothing but are useless against the savvy user or even the ordinary user that knows how to google.

Whats the name of that program?

@rhizophagus well said

if you have this software could you bring back msn conversations that you never saved to your computer?

Completely Awesome! Encase rocks!

Hey you cant crack this software...I am an Forensic computing student and u cant crack the new version...My first project was to crack EnCase..I drop that project due to its difficulty...U need the Dongle...costs up to 10000$

Nothing can't be cracked mate, just a question of time and will...

@cssbrainDOTcom I disagree sir. I hide all my CP on encrypted virtual machines inside of encrypted file containers, with an AES-Serpant-Twofish algorithm, and keyfiles stored off site.

I Joke I joke!!!

Actually, it is possible to crack the new encase (v6) - and without the dongle too! Infact, getting past the dongle protection is the easy bit, it's the FIPS integrity crap thats the pain in the bum.

Regardless, a commercial copy dosnt cost $10,000, its around $2000.

I dont think you tried hard enough !

I wonder if anybody could send me a EnCase4.2 cracked, I have download one,however it seems have some problem. Thank you very much!!

you have to have a cable to make the software work which costs like thousands of dollars... thats how they get you. You can have to program through a crack but in order to actually use it u need the cable...

a cable costing 1000 dollars? i dont believe you

believe it.... i took a cybercrime course and the head director at FDLE told us.... he would know he had the program and the master cable that you need....

Its a USB dongle and not a cable. It does cost a lot, but it is a seriously powerfull tool.

I've been unsuccessful retrieving any files from a USB thumbdrive encrypted with AES, is there any way around this? I can't even see the partition, but it is mountable with truecrypt if you have the password.

Drive not ready error blabla *foams at mouth.. slits wrists*

this is very interesting im learing on how to use this software (school stuff)

I tried using EnCase after using Terminus 6 and I was not successful in recovering anything. Just some weird file names like jfInnfsnIOW.o0f that were like 200 megs and with lots of weird characters.

where can you get a copy of encase

You know there is such a thing as Anti computer forensics...You can beat $3,000 soft wear.

The price of the software doesn't automatically make it better.

Will the program find anything when i have overwritten my free disk space 35 times (guttman)?

it won't find anything overwritten even once. But are you sure windows didn't make a separate copy of the file? When rar files vanish on their own from your temp directory where do they go? For run of the mill file recovery you would not want to use encase. Encase is a pain in the ass it's just the industry standard

Whole disk encryption renders all forensics useless. And while it sounds intimidating it's not that difficult.

Interesting.. I have a computer I haven't used since I was about 14, and I'm 19 now. So I could maybe see my chat logs from that long ago? + Also could I just ask you that, aside from reformat the computer, does a disk defrag go over all the deleted files you've deleted and actually delete them so they wouldn't show up in any software of this type?

Nope, a defrag will usually jumble things around pretty good is the drive is heavily fragmented. To really wipe things you need something like "Eraser", for wiping free space, or "Dban" for wiping the whole disk.

@threesandals you ARE A JACKASS. The disk defrag will copy all parts of the file somewhere on the hard disk and then write it back to the back of the file before it. It jumbles nothing. If after all the files written to the hard disk you have space that hasnt been used or rewritten. That is the stuff encase will find. If you lucky enough that the evidence was in untouched space than you got it but if not the perp gets off.

p.s my brov is a git and woun't help his lil brov, also i think he is too bigheaded,

hi gr8 vid, thanks sir :-) sorry for asking but my brov is a e-forensics expert, i was thinking is there any books or information i could get, i like to learn the subject, but to be honest have no way to increase what little knowledge, some help for a grasshopper plz, thanks

Good but real bad guys use Truecrypt (full disk encryption) disklabs has no answer to Truecrypt.

Not only that they use Dban to clean data from a hard drive which if used correctly renders all the most advanced computer forensic microscopes obsolete

I'm currently studying computer forensics myself. How much did the program alone cost you?

Well, it didn't cost *me* anything because I'm resourceful >:->. But I believe that Guidance Software would probably not have any problem sending out a demo copy to a student. I'm not sure if they do demos or not, but it would probably be worth a try.

Hi! thanks for the tutorial... I was wondering is there any books or videos out there which has more tutorial for new users? or any compant that offer free training? I was looking at the training course in software guidance that they offer and its costs 1000+ for phase1 and another 1000+ for phase2... I cant afford it at the moment because i'm at uni studying Forensic coputing.... and i loads for it as it is....

Well, you can always download the EnCe Study Guide PDF (or buy the book I suppose). It is the study guide for people working toward Guidance Software's EnCe Encase certification...

@threesandals So Could I recover Original Data from a HD that since 2000 has been formatted over15 times?

thanks for posting this, but can i advise you to use a different program in future to record the demo called camstudio.

if you already used this, why it so blured? i can't properly read anything on the screen without skwinting.