Denna rapporten är en jämförelse av forensiska verktyg, i detta fallet är verktygen EnCase och BackTrack. Vi kommer i den här rapporten att jämföra vissa utvalda verktyg som representeras i båda programmen, och analysera resultatet av detta. Analysen och jämförelsen kommer därefter ligga till grund för om man kan få fram lika bra resultat med ett open-source program som med ett program man betalar för. Vi kommer att utföra analysen genom att använda en bevisfil och utföra tester på den i både BackTrack och EnCase. Resultatet kommer att diskuteras och presenteras i denna rapport.För att få fram bästa möjliga resultat kommer vi även att intervjua vissa utvalda personer med erfarenhet utav att arbeta med dessa program, för att få fram deras synpunkter.

With the increase in IT related crimes the IT forensics has more work ahead of them and it is constantly rising. The analysis software called EnCase is widely used by IT forensics all around the globe and with it comes an internal programming language called EnScript.This paper is designed to examine whether a manual for the programming language EnScript can make a difference in how efficiently the work is.A study between two groups has been made and an evaluation of the results between the two groups.The manual provided aims to introduce the reader to EnScript as a programming language and also to provide a solid foundation to build on in further work with EnScript.

In the field of IT-forensics you may often get to analyze different types of digital devices. One ofthese devices is the GPS navigation system. Nowadays GPS technology is getting more and morepopular and is included more frequently in different types of devices. With this article we want topresent the differenent obstacles and possibilites that a forensic investigator is presented with in thistype of investigation. We will be comparing different software suites and make use of forensic toolssuch as EnCase.The reader should get some understanding of the methods there are for analyzing one of these devicesand what problems that may occur in the investigation process.The article presents how the investigator can use different methods to gain information such as recentroutes, favourite destinations and other information that may be stored on the device.

In contemporary encryption the vast amount of text subject to cracking has brought about the demand for methods distinguish files more likely to be encrypted. The encryption software Truecrypt can encrypt files that are not possible to identify with a file signature. To solve the detection problem, an algorithm sensitive to the absence of structure in the very code of files was developed. The program was written in the programming language EnScript which is built into the forensic software suite EnCase. The essential part of the algorithm therefore deployes the statistic of a chi-square test for deviance from a uniform distribution to distinguish files with contents that appear to be random.

In the field of IT-forensics you may often get to analyze different types of digital devices. One ofthese devices is the GPS navigation system. Nowadays GPS technology is getting more and morepopular and is included more frequently in different types of devices. With this article we want topresent the differenent obstacles and possibilites that a forensic investigator is presented with in thistype of investigation. We will be comparing different software suites and make use of forensic toolssuch as EnCase.The reader should get some understanding of the methods there are for analyzing one of these devicesand what problems that may occur in the investigation process.The article presents how the investigator can use different methods to gain information such as recentroutes, favourite destinations and other information that may be stored on the device.

Idag har vi mängder av data på våra lagringsmedia vilket gör dem till en värdefull informationskälla. Om denna data raderas betyder det inte att den är borta för alltid. Data finns fortfarande kvar på lagringsmediet och går att återskapa med så kallad file carving. Att kunna återskapa data är en viktig del inom den polisiära verksamheten, men även för andra verksamheter som förlorat data. Det finns dock vissa problem som kan ställa till med besvär när data ska återskapas. När filer inte är lagrade i sammanhängande datablock blir de fragmenterade vilket innebär problem.

In the field of IT-forensics you may often get to analyze different types of digital devices. One ofthese devices is the GPS navigation system. Nowadays GPS technology is getting more and morepopular and is included more frequently in different types of devices. With this article we want topresent the differenent obstacles and possibilites that a forensic investigator is presented with in thistype of investigation. We will be comparing different software suites and make use of forensic toolssuch as EnCase.The reader should get some understanding of the methods there are for analyzing one of these devicesand what problems that may occur in the investigation process.The article presents how the investigator can use different methods to gain information such as recentroutes, favourite destinations and other information that may be stored on the device.

Idag har vi mängder av data på våra lagringsmedia vilket gör dem till en värdefull informationskälla. Om denna data raderas betyder det inte att den är borta för alltid. Data finns fortfarande kvar på lagringsmediet och går att återskapa med så kallad file carving. Att kunna återskapa data är en viktig del inom den polisiära verksamheten, men även för andra verksamheter som förlorat data. Det finns dock vissa problem som kan ställa till med besvär när data ska återskapas. När filer inte är lagrade i sammanhängande datablock blir de fragmenterade vilket innebär problem.

En fallstudie tillämpades för att undersöka de inbyggda apparna, Internet Explorer 10, den nya utforskaren File Explorer och reparationsverktyget ?Återställ datorn utan att ta bort filer? i Windows 8. Analysen visade att apparna E-post, Kontakter och Meddelanden sparade större delar av användarens Facebook-profil lokalt på datorns hårddisk. När bildfiler öppnades upp med appen Foton sparades miniatyrbilder av originalet på hårddisken. När videofiler spelades upp med appen Video sparades filnamnet i filer.

AimThe purpose of this degree thesis was to find out what strategies and behaviours earlier overweight individuals have used to maintain their weight loss.- What strategies did the participants use to loose weight?- Which behaviours are related with maintained weight loss?MethodThe study is based on an EnCase research with earlier overweight individuals who had lost weight with help of the Cambridge method. The chosen population who further more had maintained their weight for over one year have answered questions about their successfully maintained weight loss.ResultsThe results are based on 32 overweighed individuals, 9 men and 23 women, who had maintained their weight loss for over one year. After the initial weigh loss by help of the Cambridge method their main strategy was to change eating behaviour ? by eating on regular schedule, choose food with less fat ? and to increase their physical activity.