| <<< Hash Library Hierarchy | Index | Hash Library Building Steps >>> |
EnCase restricts its automated scripts to the following two categories:
Known: refers to files that the examiner wishes to exclude from examination, e.g. Microsoft Office software files.
Notable: refers to files that the examiner wishes to find, e.g. hacker software or image files.
The examiner can edit the categories after hash sets were created, if necessary:
View -> Hash Sets -> right-click and Edit a particular hash set.
| <<< Hash Library Hierarchy | Index | Hash Library Building Steps >>> |