AKA Use Instructions - davepo/AKA GitHub Wiki

AKA Use Instructions

Option 1 - Run with OpenText EnCase

  1. In EnCase: Create a case and add your evidence files. You must run EnCase as Administrator.
  2. In EnCase: From the EnScript menu, select 'Run', then navigate to and select the 'AKA_Triage_Tool.EnPack'.
    After the first run, it will appear in your EnScripts menu.
  3. Make your selections and follow the prompts.
  4. Monitor the 'Consoles' tab and the active command prompt windows. This will let you know the current status.
    • The external tools will run in a command prompt that will appear during processing.
    • Each mounted image will spawn as a process in its own command prompt.
    • Do not close the windows until everything is complete.
  5. When the external processes complete, an image will pop up to let you know.
    • If the main command prompt appears to be complete, you can close the window.
    • At this point you're free to explore the 'AKA_Exports-{YYMMDDHHMM}' results folder, which will be located in the EnCase case file's exports folder.
  6. When the remaining selected EnCase options {Processing, Hashing, etc.} complete, a dialog will appear to let you know.

Option 2 - Run as a standalone tool.

You can run the standalone tool (as Administrator!) against an image file, a mounted volume, or recursively against a directory containing multiple image files. Supported image types are E01 and DD.

  1. Open an administrator command or PowerShell (recommended) prompt and navigate to the AKA folder. Run aka:
    • Against an image: 'ruby aka.rb -s img {Source Image} -o {Output path}'
    • Against a volume: 'ruby aka.rb -s vol {(Drive Letter):} -o {Output path}'
    • Against a directory: 'ruby aka.rb -s dir {Source folder} -o {Output path}'
  2. An image will appear letting you know everything is complete.
    • At this point you're free to explore the 'AKA_Exports-{YYMMDDHHMM}' results folder.
    • The results folder will be located in the passed {Output path} folder.

List of switches

-h or --help : Displays the help text.
-s or --source : Must be followed by the source type {img, vol, dir} and then the source location.
-o or --output : A directory that AKA will create its exports folder in.
--export-only : Will cause AKA to export artifacts but not run any processing tools or AV scans.
--no-av-scan : Will cause AKA to export artifacts/run tools/run filters, but skip running the AV scan.
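
An added example (not part of the AKA project): a PowerShell wrapper for the standalone mode that checks for elevation, validates the source, and builds the 'ruby aka.rb' command from the switches listed above. The default paths are placeholders, and the script assumes it is run from the AKA folder with 'ruby' on the PATH.

```powershell
# Added example, not AKA project code. Paths below are placeholders.
# Assumes: run from the AKA folder (aka.rb in the current directory), ruby on PATH.
param(
    [ValidateSet('img', 'vol', 'dir')]
    [string]$SourceType = 'img',
    [string]$Source = 'D:\Evidence\case001.E01',   # placeholder source image
    [string]$Output = 'D:\Cases\case001\out',      # placeholder output path
    [switch]$ExportOnly,                           # maps to --export-only
    [switch]$NoAvScan                              # maps to --no-av-scan
)

# AKA must be run as Administrator: stop early if this prompt is not elevated.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Open an elevated (Run as Administrator) PowerShell prompt first.'
}

if (-not (Test-Path -LiteralPath '.\aka.rb')) { throw 'aka.rb not found: run this from the AKA folder.' }
if (-not (Test-Path -LiteralPath $Source))    { throw "Source not found: $Source" }

# Supported image types are E01 and DD; warn on anything else (case-insensitive match).
if ($SourceType -eq 'img' -and $Source -notmatch '\.(E01|dd)$') {
    Write-Warning "Unexpected image extension: $Source"
}

# Make sure the directory AKA will create its exports folder in exists.
New-Item -ItemType Directory -Path $Output -Force | Out-Null

# Build the argument list exactly as documented: -s {type} {source} -o {output}.
$akaArgs = @('aka.rb', '-s', $SourceType, $Source, '-o', $Output)
if ($ExportOnly) { $akaArgs += '--export-only' }
if ($NoAvScan)   { $akaArgs += '--no-av-scan' }

Write-Host "Running: ruby $($akaArgs -join ' ')"
& ruby @akaArgs

# List the newest AKA_Exports-{YYMMDDHHMM} folder under the output path.
# Assumption: whether ruby returns before all processing windows finish is not
# documented here, so wait for the completion image before relying on the results.
Get-ChildItem -LiteralPath $Output -Directory -Filter 'AKA_Exports-*' |
    Sort-Object LastWriteTime -Descending |
    Select-Object -First 1 -ExpandProperty FullName
```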
