Download - Ocr and EnCase
How to process scanned documents in EnCase
2014
Process
• Turn paper evidence into format which forensic software can process
• Paper evidence -> image -> text from the image -> digital evidence
paper to image scanner
image to text OCR
forensic analyses Forensic SW (EnCase)
Important things
• Keep whole process forensically sound – no change in original evidence – document process and tools – keep names of the files – keep in mind that metadata can change in this process
• Use forensically reliable data formats (L01) to store data and results
• Document reliability of OCR system and check results manually
• Automate process trough tested scripts/tools • Store and document errors, logs etc
Example
Situation – set of scanned documents in pdf, if they are related to digital
evidence in the case ?
Solutions
1) Read documents manually, check what is in the documents, compare with digital evidence by hand bookmark, report
2) Use reliable OCR to convert PDF into format which forensic software can index / search, process this new files in forensic software, bookmark, report
Processing pdf (1)
1. Copy pdf out of the case – use copy folder (keep folder structure)
2. Use OCR to created text format (docx) – set the appropriate language in the OCR!!!!
– test and process, record errors and warnings (to add it into case as notes)
3. keep names and folder structure as same as possible – name.pdf turns into name.docx
– best to use separate disks / folders
Processing pdf (2)
1. Add text files into case – use single files
– create logical evidence file
2. Add new logical evidence file into case – use case processor to index and process logical
evidence
3. Do analyses – bookmark findings
– add notes to case and bookmark it too
Localisation issues
• It is essential that OCR tool supports lanugage in which documents are written
– testing sholud be done to prove reliabilty
– result documented and available for legal review