How to Search DOCX in EnCase

Written by lee prangnell
  • Share
  • Tweet
  • Share
  • Pin
  • Email
How to Search DOCX in EnCase
It is easy to search for DOCX files in EnCase (computer keyboard and mouse image by Warren Millar from Fotolia.com)

EnCase is an industry standard computer forensics program designed by Guidance Software. EnCase is the primary computer forensics software tool utilised by major law enforcement agencies, such as the FBI and MI5. EnCase can search for and open a number of file extensions, including Microsoft's DOCX file type.

Skill level:
Easy

Other People Are Reading

Instructions

  1. 1

    Launch the EnCase program.

  2. 2

    Create a new case by clicking on the "New" option on the toolbar at the top of the program.

  3. 3

    Click on the "Add Device" option. Select the storage device you want to search in your newly created case file, which is located in the tree menu on the left-hand side.

  4. 4

    Click on the search icon in the EnCase toolbar.

  5. 5

    Click the "Selected Entries Only" option in the "Search" options window that pops up, then select the "Verify File Signatures" option. Press the "Start" button.

  6. 6

    View the results of the search in hexadecimal mode by moving your cursor to the horizontal toolbar towards to bottom of the program. Click on the "Hex" option.

    By viewing the results in hexadecimal mode, you're able to ascertain the file signature. For example, it would be easy to rename a file extension from BMP to DOCX; viewing the results in hexadecimal mode enables you to analyse and confirm that the file extension corresponds to the signature of the file, as each file has a unique signature associated with it.

  7. 7

    View the results of the file signature analysis. If EnCase has the DOCX file type in its database, then the status report will return information regarding the file type, file extension and header information.

    If the DOCX file is not present within the EnCase file signature database, note that the correct file signature for a DOCX file is "50 4B 03 04 14 00 06 00." In EnCase, you can confirm whether or not a file is a DOCX file based on the file signature search by viewing the file search results in hexadecimal format, even if the file extension is false.

Don't Miss

Filter:
  • All types
  • Articles
  • Slideshows
  • Videos
Sort:
  • Most relevant
  • Most popular
  • Most recent

No articles available

No slideshows available

No videos available

By using the eHow.co.uk site, you consent to the use of cookies. For more information, please see our Cookie policy.