EnCE EnCase Computer Forensics: The Official EnCase Certified Examiner Study Guide, 3rd Edition by Steve Bunting

Searching for Data

EnCase provides two basic methods of searching for data. The first is an indexed search: you must first create an index using the EnCase Evidence Processor, which we just covered. Searches are then conducted against the index, and results are nearly instantaneous. The second is raw searching, in which keywords are created and the entire stream of selected data is searched for strings matching those keywords. A related method is searching smaller sets of data while in the View pane. Each method has its time and place, and each has advantages and disadvantages. Indexed searching takes significant time to build an index but pays it back later with ...
