197k views
3 votes
You want to reduce the number of files required for examination by identifying and filtering out known good or system files. What EnCase process would you use to identify such files?

1) File Carving
2) Keyword Search
3) File Signature Analysis
4) Hash Analysis

by Shaheer (8.5k points)

1 Answer

5 votes

Final answer:

To filter out known good or system files, you would use Hash Analysis in EnCase. This method compares file hashes to a whitelist, streamlining the investigation by excluding recognized files.

Step-by-step explanation:

If you wish to reduce the number of files required for examination by identifying and filtering out known good or system files, the EnCase process you would use is Hash Analysis. This process involves computing a cryptographic hash for each file and comparing it to a list of known hashes for legitimate files (often referred to as a whitelist). Files that match the known good hashes are considered recognized and are not subject to further analysis. This greatly streamlines the examination process by reducing the investigator's workload to only those files that are potentially relevant to the investigation. Other options such as File Carving, Keyword Search, and File Signature Analysis are used for different purposes: File Carving for recovering deleted or fragmented files, Keyword Search for locating specific terms within files, and File Signature Analysis for identifying files based on their headers and footers, not for whitelisting known files.

by Martin Brisiak (8.6k points)
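The known-good filtering described in the answer above, as an added example that is not part of the original post and is not EnCase code (EnCase exposes this through its hash library GUI, not a scripting API used here). It hashes every file under an evidence directory in one pass, looks each SHA-1 up in a whitelist, and splits the tree into excluded and remaining files. The hash-set line format (`sha1<TAB>label`), the file names and the file contents are all constructed for the demonstration; a real investigation would load a published set such as NIST NSRL in its own CSV layout.

```python
"""Known-good (whitelist) hash filtering in the spirit of EnCase hash analysis.

Added example; not EnCase code. Hash-set format, file names and contents
are constructed for the demonstration.
"""
import hashlib
import os
import tempfile
from pathlib import Path

CHUNK_SIZE = 1 << 20  # read 1 MiB at a time so large evidence files stay out of RAM


def hash_file(path, algorithms=("md5", "sha1")):
    """Hash one file with several algorithms in a single pass over its bytes."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(CHUNK_SIZE), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def load_hash_set(lines):
    """Parse a minimal 'sha1<TAB>label' listing into a {sha1: label} dict.

    This line format is an assumption for the example; published hash sets
    (for instance NSRL RDS) use their own CSV layouts.
    """
    known = {}
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, label = line.partition("\t")
        known[digest.lower()] = label or "(no label)"
    return known


def triage(root, known_good):
    """Walk `root`; return (excluded, remaining) lists of (path, sha1, label).

    Matching is by content hash only: a renamed or relocated copy of a
    known-good file is still excluded, while a known file modified by even
    one byte no longer matches and stays in scope for examination.
    """
    excluded, remaining = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            path = Path(dirpath) / name
            sha1 = hash_file(path, ("sha1",))["sha1"]
            if sha1 in known_good:
                excluded.append((str(path), sha1, known_good[sha1]))
            else:
                remaining.append((str(path), sha1, None))
    return excluded, remaining


def demo():
    """Build a constructed evidence tree, whitelist one content hash, triage it."""
    root = Path(tempfile.mkdtemp(prefix="evidence_"))
    (root / "Windows").mkdir()
    system_bytes = b"MZ\x90\x00constructed stand-in for a known system binary"
    (root / "Windows" / "notepad.exe").write_bytes(system_bytes)
    # Same content under another name: hash analysis still recognises it.
    (root / "copy_of_notepad.bin").write_bytes(system_bytes)
    # One byte changed: no longer in the whitelist, so it remains in scope.
    (root / "Windows" / "notepad_patched.exe").write_bytes(system_bytes[:-1] + b"!")
    (root / "suspicious.doc").write_bytes(b"constructed user document, in no hash set")

    whitelist_lines = [
        "# sha1\tlabel   (constructed hash set for this example)",
        hashlib.sha1(system_bytes).hexdigest() + "\tWindows notepad.exe",
    ]
    return triage(root, load_hash_set(whitelist_lines))


if __name__ == "__main__":
    excluded, remaining = demo()
    print("Excluded as known good:")
    for path, sha1, label in excluded:
        print(f"  {path}  {sha1}  {label}")
    print("Remaining for examination:")
    for path, sha1, _ in remaining:
        print(f"  {path}  {sha1}")
```

Two practical points the run makes visible: the renamed copy is excluded because matching ignores file names entirely, and the patched binary is not excluded because a cryptographic hash changes completely on a single-byte edit, so a trojaned system file cannot hide behind the whitelist.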