How to setup the Demo case SEC v Tamas case

Article:HOWTO80651  |  Created: 2012-10-05  |  Updated: 2013-06-06  |  Article URL http://www.symantec.com/docs/HOWTO80651
Article Type
How To



Method 1 - extract the source files and run processing

files needed
  1. 7.0_Data_UnzipToD.zip
  •  7.0_Data_UnzipToD.zip - unzip to any location
  • Create a new case called "SEC v Tamas"
  • Add the source location
  • Select all sources in the restored case and choose "start processing source with discovery"
 
 
Method 2 - extract the source files and restore the case from backup
 
files needed
  1. 7.0_Data_UnzipToD.zip
  2. 0.6.103.1295-SEC v Tamas Corp.zip
 (note this will only work on a standalone Clearwell appliance and not a cluster)
 
7.0_Data_UnzipToD.zip - unzip to D:\demodata\ so the file system will look like
 
 
0.6.103.1295-SEC v Tamas Corp.zip - unzip to D:\CW\V711\caseBackups\
 
so the file system looks like 
 
D:\CW\V711\caseBackups\0.6.103.1295-SEC v Tamas Corp\SEC vTamas Archive
 
 
As the case has its sources hosted on \\forensicstorage\collections, the collections folder needs sharing out and a host file entry is needed for the server to successfully connect to this share.
 
Edit in notepad C:\windows\system32\drivers\etc\hosts and add the following line
 
127.0.0.1 forensicstorage
 
Then right click the collections folder and enable sharing with permissions for the service accounts.
 
When testing connectivity to \\forensicstorage\collections there should be no password prompts, the following may need to be configured to prevent this
 
Disable the loopback check
 
To set the DisableLoopbackCheck and DisableStrictNameChecking registry keys, follow these steps:
 
Click Start, click Run, type regedit, and then click OK.
  1. In Registry Editor, locate and then click the following registry key:
  2. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
  3. Right-click Lsa, point to New, and then click DWORD Value.
  4. Type DisableLoopbackCheck, and then press ENTER.
  5. Right-click DisableLoopbackCheck, and then click Modify.
  6. In the Value data box, type 1, and then click OK.
  7. Navigate to  HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanServer\Parameters
  8. Either Create or modify a DWORD value called DisableStrictNameChecking
  9. Right-click DisableStrictNameChecking, and then click Modify.
  10. In the Value data box, type 1, and then click OK.
  11. quit Registry Editor, and then restart your computer.
 ref http://support.microsoft.com/kb/926642
 
This allows the alternative name of forensicstorage to be used for the appliance name.
 
Once access to \\forensicstorage\collections is accessible then select all sources in the restored case and choose "start processing source without discovery"
 
Once finished the Demo case SEC v Tamas should be ready to go.
 
 
 

 



Article URL http://www.symantec.com/docs/HOWTO80651


Terms of use for this information are found in Legal Notices