EnCase is an industry standard computer forensics program designed by Guidance Software. EnCase is the primary computer forensics software tool utilised by major law enforcement agencies, such as the FBI and MI5. EnCase can search for and open a number of file extensions, including Microsoft's DOCX file type.
- Skill level:
Other People Are Reading
Launch the EnCase program.
Create a new case by clicking on the "New" option on the toolbar at the top of the program.
Click on the "Add Device" option. Select the storage device you want to search in your newly created case file, which is located in the tree menu on the left-hand side.
Click on the search icon in the EnCase toolbar.
Click the "Selected Entries Only" option in the "Search" options window that pops up, then select the "Verify File Signatures" option. Press the "Start" button.
View the results of the search in hexadecimal mode by moving your cursor to the horizontal toolbar towards to bottom of the program. Click on the "Hex" option.
By viewing the results in hexadecimal mode, you're able to ascertain the file signature. For example, it would be easy to rename a file extension from BMP to DOCX; viewing the results in hexadecimal mode enables you to analyse and confirm that the file extension corresponds to the signature of the file, as each file has a unique signature associated with it.
View the results of the file signature analysis. If EnCase has the DOCX file type in its database, then the status report will return information regarding the file type, file extension and header information.
If the DOCX file is not present within the EnCase file signature database, note that the correct file signature for a DOCX file is "50 4B 03 04 14 00 06 00." In EnCase, you can confirm whether or not a file is a DOCX file based on the file signature search by viewing the file search results in hexadecimal format, even if the file extension is false.
- 20 of the funniest online reviews ever
- 14 Biggest lies people tell in online dating sites
- Hilarious things Google thinks you're trying to search for