The Official EnCE: EnCase Certified Examiner Study Guide by Steve Bunting is a well written and informative text with the goal of preparing a computer forensic examiner for Guidance Software’s EnCE certification. The book’s author, Steve Bunting, writes that the book will give you more knowledge than you need to pass the exam, rather than merely covering the basics to pass the certification process. Before you read any further, a quick disclaimer: I am not EnCE certified and thus cannot truly testify to the preparedness that reading this book provides.
I do believe this book provides solid information and will help someone new to EnCase get a better understanding of the program, its capabilities, and the process EnCase takes to retrieve the data. As a forensic analyst without much EnCase training, I know how to perform some key functions, such as using the Case Processor to perform LNK file analysis, how to mount a file to view the file structure, etc. However, I knew EnCase was a powerful program and that there was much for me to learn about this wonderful piece of software. This EnCE study guide by Steve Bunting is great for fellow examiners similar to myself, looking to further their knowledge of EnCase. I wanted to learn about EnCase, how to use it, and understand what this application is truly capable of. This book is great for that purpose, but not entirely great at the other goals the text sets out to accomplish.
Before you start out to read this book, you’ll need to ask yourself a few questions:
What are you looking to get out of this book, an EnCE certification, knowledge on how EnCase does what it does?
How well do you know EnCase?
Are you hoping to learn more about the forensic process than the capabilities and how to use EnCase? Read more