NCJ Number
224147
Date Published
October 2008
Length
68 pages
Annotation
As part of the Computer Forensics Tool Testing (CFTT) program--whose objective is to provide measurable assurance to practitioners, researchers, and other applicable users that the tools used in computer forensics investigation provide accurate results--this report presents the results of testing EnCase LinEn, version 6.01, a digital data acquisition tool.
Abstract
With the exception of two test cases (DA-08 and DA-09), the tested tool acquired all visible and hidden sectors completely and accurately from three test computers. Regarding one exception, up to seven sectors contiguous to a defective sector may be replaced by zeros in the acquisition (DA-09-1 and DA-09-2). For the second exception, the sectors hidden by a device configuration overlay (DCO) are not acquired (DA-08-DCO). EnCase LinEn, version 6.01, was tested against the Digital Data Acquisition Tool Assertions and Test Plan Version 1.0. In the report’s section on test case selection, one table lists the features available in EnCase LinEn and the linked test cases. A second table lists the features not available in EnCase LinEn and the linked test cases. In the report’s section that presents results by test assertion, one table summarizes test results by assertion, and another table lists the assertions that were not tested, usually due to the tool not supporting some optional feature. The specifications of each of the following three test computers are listed: Paladin, AndWife, and Athos. The report’s concluding section presents the test results report key and the details of the testing. Extensive data tables.