EnCase Forensic Edition - Sylvie Maestri

EnCase® Forensic Edition

The Worldwide Standard in Computer Forensics: Utilized by More Than 12,000 Investigators and Security Professionals

Law enforcement, government, military and corporate investigators depend on EnCase Forensic Edition to conduct thorough and conclusive computer examinations. Guided by our relationship with investigators worldwide, EnCase® software has been optimized to handle the ever-growing depth and breadth of computer configurations and capacities. EnCase® software supports the broad range of operating systems, files and peripherals that challenge investigators daily. As the tool of choice for law enforcement, EnCase® software has withstood numerous challenges in court on reliability and accuracy. Recently, the National Institute of Standards and Technology (NIST) concluded that the EnCase® imaging engine operates flawlessly. No other computer forensic solution has this track record of credibility established by its users, independent agencies and courts. EnCase® software was awarded the prestigious eWEEK Excellence Award and SC Magazine’s Five-Star Rating.

High Throughput and Reliability

Key to computer forensics is the ability to acquire and analyze data quickly. EnCase Forensic Edition V4 allows investigators to easily manage large volumes of computer evidence, viewing all relevant files, including "deleted" files, file slack and unallocated space. The unmatched functionality within EnCase® software allows investigators to conduct the entire computer investigation process, including customized reporting of searches and findings.

Forensically Sound Acquisitions

EnCase® software performs media acquisitions by producing an exact binary duplicate of data on the original media. EnCase® verifies this by generating MD5 hash values of both the original media and the resulting image file (an "evidence file"). In addition, each block of 64 sectors of the evidence file is assigned a CRC value. These CRC values are checked each time the evidence file is accessed.
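A simplified model of the verification scheme described above, added here as an illustration; it is not EnCase code and does not reproduce the EnCase evidence file format. The 512-byte sector size, the use of CRC-32, and the names acquire, verify and demo are assumptions. It shows why the two checks complement each other: the MD5 says whether the image as a whole still matches the acquisition, while the per-block CRCs point to the 64-sector block that changed.

```python
import hashlib
import zlib

SECTOR_SIZE = 512                 # assumption: 512-byte sectors
BLOCK_SIZE = 64 * SECTOR_SIZE     # the 64-sector unit named in the text (32 KiB here)


def acquire(media: bytes) -> dict:
    """Copy the media block by block, recording a CRC per block and one MD5 overall."""
    md5 = hashlib.md5()
    blocks, crcs = [], []
    for off in range(0, len(media), BLOCK_SIZE):
        block = media[off:off + BLOCK_SIZE]
        md5.update(block)
        blocks.append(block)
        crcs.append(zlib.crc32(block))   # CRC-32 is an assumption; the page only says "CRC"
    return {"blocks": blocks, "crcs": crcs, "acquisition_md5": md5.hexdigest()}


def verify(image: dict) -> tuple:
    """Recompute every check; return (md5_matches, indexes of blocks whose CRC fails)."""
    md5 = hashlib.md5()
    bad = []
    for i, (block, crc) in enumerate(zip(image["blocks"], image["crcs"])):
        md5.update(block)
        if zlib.crc32(block) != crc:
            bad.append(i)
    return md5.hexdigest() == image["acquisition_md5"], bad


def demo():
    # Constructed sample "media": five full blocks plus a partial trailing block.
    media = bytes((i * 31 + 7) % 256 for i in range(5 * BLOCK_SIZE + 1000))
    image = acquire(media)
    # The image hash must equal the hash of the original media.
    matches_original = image["acquisition_md5"] == hashlib.md5(media).hexdigest()
    clean = verify(image)
    # Simulate a single flipped bit in block 3 of the stored image.
    damaged = bytearray(image["blocks"][3])
    damaged[100] ^= 0x01
    image["blocks"][3] = bytes(damaged)
    return matches_original, clean, verify(image)


if __name__ == "__main__":
    print(demo())
```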

Extreme Flexibility: EnScript™

EnScript is a macro-programming language built into EnCase® software. Emulating qualities of both Java and C++, EnScript® allows the investigator to build custom-designed scripts for specific investigative needs and/or to automate complex and routine tasks. By automating almost any investigative task, EnScripts® can save investigators days, if not weeks, of analysis time.

EnCase Forensic Edition Features

Multiple Case Management

EnCase® software features multiple case management, allowing investigators to simultaneously run multiple cases on multiple media targets.

Unicode Support

When a user views a document created in a different language, EnCase® software will display the characters correctly. This new feature enables EnCase® software to search for keywords and display results in any language.

Dynamic Disk Configurations

EnCase® software supports the following dynamic disk configurations: Spanned, Mirrored, Striped, RAID 5, and Basic. With minimal input from the investigator, EnCase® software automatically detects the disk configuration and maps all partitions, while still preserving the boot area and unused disk areas for further searching.

Search and Analysis: Keyword, Hash and Signature Searches, and Filters

EnCase Forensic Edition V4 allows investigators to analyze multiple pieces of acquired and previewed media simultaneously. Investigators can utilize global keyword searches, hash analysis, file signature analysis, file-specific filters and multiple filters to quickly analyze target media.

Multiple Acquisition Options

Just as there are many different forms of digital media, there are many methods of acquiring media. EnCase® includes cables for parallel-port and crossover network acquisitions in Windows or DOS. Both methods allow software "write-blocks" to be placed on the suspect media, ensuring the media is not altered.

File Systems Interpreted by EnCase

The following file systems are currently supported by EnCase Forensic Edition Version 4: FAT12 (Floppy), FAT16, FAT32, NTFS, HFS, HFS+, Sun Solaris UFS, EXT2/3, Reiser, BSD FFS, Palm, CDFS, Joliet, UDF and ISO 9660.

PST Email Support

EnCase® software supports PST files that have both compressible encryption and full encryption, bypassing PST file passwords.

Gallery View

The Gallery View provides a simple way to rapidly view all images in an evidence file. The Gallery displays BMP, JPG, GIF and TIFF images.

Timeline View

The Timeline View allows investigators to view a calendar-style graphic of all file activity, illustrating file attributes such as when files were created, last written or accessed. The Timeline View scales from days to years, serving as a valuable tool for looking at patterns of file activity.

Report View

Reports can be generated on any file, folder, volume, physical disk or the entire case. Reports include reference information regarding the acquisition, drive geometry, folder structures, bookmarked files and images. Investigators may export reports in RTF or HTML format.

EnCase Encrypting File System (EFS) Module

The EnCase EFS Module provides Encrypting File System (EFS) folder and file decryption capabilities for locally authenticated users.

EnCase Virtual File System (VFS) Module

The EnCase VFS Module enables examiners to mount computer evidence as a read-only off-line network drive, which allows further examination of the evidence using Windows Explorer and 3rd party tools.

Network Authentication Server (NAS) Module

The Network Authentication Server provides complete flexibility in EnCase software licensing. NAS enables EnCase software licenses to be utilized in 3 ways: locally on the Examiner computer, remotely with Terminal Services, and across the network using the License Manager.

About Guidance Software

Guidance Software is the leader in computer forensics and incident response solutions. Founded in 1997 and headquartered in Pasadena, CA, Guidance Software has offices and training facilities in California, Virginia and the United Kingdom. More than 12,000 corporate and government investigators depend on EnCase® software, while more than 3,500 investigators attend Guidance Software's forensic methodology training annually. Accepted by numerous courts and honored with eWEEK’s Excellence Award and SC Magazine’s Annual Award, EnCase® software is considered the standard forensic tool. For more information, visit Guidance Software’s Web site at www.guidancesoftware.com.

215 North Marengo Avenue, Second Floor Pasadena, California 91101 T: 626.229.9191, F: 626.229.9199

Guidance Software