How to setup the Demo case SEC v Tamas case.

Article:HOWTO80651  |  Created: 2012-10-05  |  Updated: 2014-08-21  |  Article URL http://www.symantec.com/docs/HOWTO80651
Article Type
How To



Method 1 - Extract the source files and run processing

Files required:  "7.0_Data_UnzipToD.zip" - Please note that this may have to be requested from your Account Manager
  1. Unzip the file "7.0_Data_UnzipToD.zip" to an accessible location (for example "D:\DemoData\Collections").
  2. Create a new case called "SEC v Tamas".
  3. Add the source location.
  4. Select all sources in the new case and choose "start processing source with discovery". 

--------------------------------------------------------------------

Method 2 - Extract the source files and restore the case from backup

 
Files required:
  • 7.0_Data_UnzipToD.zip
  • 0.6.103.1295-SEC v Tamas Corp.zip

(Please note that this will only work on a standalone Clearwell appliance and not a cluster)

 
1. 7.0_Data_UnzipToD.zip - unzip to D:\demodata\ so the file system will look like this:
 
 
0.6.103.1295-SEC v Tamas Corp.zip - unzip to D:\CW\V711\caseBackups\
 
The file system should looks like this:
 
D:\CW\V711\caseBackups\0.6.103.1295-SEC v Tamas Corp\SEC vTamas Archive
 
 
2. As the case has its sources hosted on \\forensicstorage\collections, the collections folder needs sharing out and a host file entry is needed for the server to successfully connect to this share.
 
2.1 Edit in notepad C:\windows\system32\drivers\etc\hosts and add the following line:
 
127.0.0.1 forensicstorage
 
2.2 Then, right click the Collections folder and enable sharing with permissions for the service accounts.
 
3. When testing connectivity to \\forensicstorage\collections there should be no password prompts, the following may need to be configured to prevent this:
 
3.1 Disable the loopback check.
 
To set the DisableLoopbackCheck and DisableStrictNameChecking registry keys, follow these steps:
 
Click Start, click Run, type: regedit, and then click OK.
  1. In Registry Editor, locate and then click the following registry key:
  2. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
  3. Right-click Lsa, point to New, and then click DWORD Value.
  4. Type: DisableLoopbackCheck, and then press ENTER.
  5. Right-click DisableLoopbackCheck, and then click Modify.
  6. In the Value data box, type 1, and then click OK.
  7. Navigate to  HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanServer\Parameters
  8. Either Create or modify a DWORD value called DisableStrictNameChecking
  9. Right-click DisableStrictNameChecking, and then click Modify.
  10. In the Value data box, type 1, and then click OK.
  11. Close Registry Editor, and then restart your computer.
 Reference: http://support.microsoft.com/kb/926642
 
This allows the alternative name of forensicstorage to be used for the appliance name.
 
4. Once access to \\forensicstorage\collections is accessible then select all sources in the restored case and choose "start processing source without discovery".
 
5. Once processing is finished, the Demo case SEC v Tamas will be ready for use.
 

 




Article URL http://www.symantec.com/docs/HOWTO80651


Terms of use for this information are found in Legal Notices