How to setup the Demo case SEC v Tamas case

Article:HOWTO80651  |  Created: 2012-10-05  |  Updated: 2013-06-06  |  Article URL
Article Type
How To

Method 1 - extract the source files and run processing

files needed
  • - unzip to any location
  • Create a new case called "SEC v Tamas"
  • Add the source location
  • Select all sources in the restored case and choose "start processing source with discovery"
Method 2 - extract the source files and restore the case from backup
files needed
  2. v Tamas
 (note this will only work on a standalone Clearwell appliance and not a cluster) - unzip to D:\demodata\ so the file system will look like v Tamas - unzip to D:\CW\V711\caseBackups\
so the file system looks like 
D:\CW\V711\caseBackups\ v Tamas Corp\SEC vTamas Archive
As the case has its sources hosted on \\forensicstorage\collections, the collections folder needs sharing out and a host file entry is needed for the server to successfully connect to this share.
Edit in notepad C:\windows\system32\drivers\etc\hosts and add the following line forensicstorage
Then right click the collections folder and enable sharing with permissions for the service accounts.
When testing connectivity to \\forensicstorage\collections there should be no password prompts, the following may need to be configured to prevent this
Disable the loopback check
To set the DisableLoopbackCheck and DisableStrictNameChecking registry keys, follow these steps:
Click Start, click Run, type regedit, and then click OK.
  1. In Registry Editor, locate and then click the following registry key:
  2. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
  3. Right-click Lsa, point to New, and then click DWORD Value.
  4. Type DisableLoopbackCheck, and then press ENTER.
  5. Right-click DisableLoopbackCheck, and then click Modify.
  6. In the Value data box, type 1, and then click OK.
  7. Navigate to  HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanServer\Parameters
  8. Either Create or modify a DWORD value called DisableStrictNameChecking
  9. Right-click DisableStrictNameChecking, and then click Modify.
  10. In the Value data box, type 1, and then click OK.
  11. quit Registry Editor, and then restart your computer.
This allows the alternative name of forensicstorage to be used for the appliance name.
Once access to \\forensicstorage\collections is accessible then select all sources in the restored case and choose "start processing source without discovery"
Once finished the Demo case SEC v Tamas should be ready to go.


Article URL

Terms of use for this information are found in Legal Notices