Guidance Software TM
Guidance Software TM
E n C a s e® F i e l d
Intelligence Model Version 5
Computer forensics investigations can be extremely invasive. Seizing computers in cases of fraud, harassment, theft and criminal misconduct often interrupt business operations, which can lead to evidence loss – and expose your agency to legal and unnecessary liability. EnCase® Field Intelligence Model gives investigators a highly mobile solution to capture data from any machine with a network connection – all from a remote laptop or mobile workstation. Using the industry’s most advanced toolset, examiners can discreetly and quickly search and analyze hard drives without bringing down servers or computers, tipping off suspects or compromising equipment. Investigators can also retrieve volatile memory, which is ”live” data lost when machines are physically shut down. The solution’s noninvasive approach improves acquisition and response time without causing system downtime typically necessary during the investigation process. It helps protect your agency from accidentally missing data on servers and workstations, damaging computers or placing examiners in difficult situations. Making it Happen
Deploy nonintrusively: EnCase Field Intelligence Model lets examiners investigate any computer with a network connection at any time from a laptop or workstation, onsite or from a remote location. The solution relies on remote agent software (servlets) that can be discreetly “pushed” out over the corporate network to specific computers or servers under investigation. Servlets allow examiners to retrieve details on a suspect’s files, photos, e-mail, Web surfing habits and encrypted data.
Capture “volatile” data: EnCase software leads the industry with its ability to acquire volatile “live” data from workstations and servers while they’re still running, for the most complete picture of a crime scene. The EnCase Snapshot capability captures information about the volatile state of a computer to reveal which users have logged on, hidden processes, running processes and applications, live registry, open files, open ports and other valuable evidence typically lost when computers are taken offline. Snapshot is available as a separate add-on module.
Find and retrieve hidden information: Experienced operators go to great lengths to cover their tracks. EnCase Field Intelligence Model lets investigators search and retrieve files, photos and other evidence hidden within a computer’s file slack, hidden partitions, or unallocated space. Version 5 also detects so-called rootkits and other “virtual” doorways created by sophisticated hackers. Additionally, EnCase Field Intelligence Model reveals whether a computer has been compromised by trojans or other attacks, and helps investigators and prosecutors counter related defense strategies in court. Improve productivity: EnCase Field Intelligence Model features can reduce the time investigators spend on individual cases by 65 percent. With EnCase software you can:
Preview and acquire relevant evidence immediately from any location on the network Move “virtually” from node to node without physically disconnecting from and reconnecting to subsequent nodes View instantly e-mail, Internet artifacts, photographs and graphic files stored on hard drives and other media Streamline the cumbersome task of documenting cases using advanced reporting capabilities Share evidence files securely with other examiners who use EnCase software Carry out complete investigations remotely
215 North Marengo Ave., Pasadena, CA 91101 ׀Ph: 626.229.9191 ׀Fax: 626.229.9199 ׀www.guidancesoftware.com © 2005 Guidance Software, Inc. All Rights Reserved. Guidance Software and the Guidance Software logo are trademarks and EnCase is a registered trademark of Guidance Software, Inc.
