Version 7.06 includes a utility that allows you to conduct live investigations and
acquisition over an IP network without the need for a SAFE. You can also deploy a servlet to a
single computer on the network in order to read, acquire, or monitor a computer or hard drive.
Following an easy, 3 step process, you can see the remote hard drive or computer—including
physical and process memory—appear in EnCase Forensic in the same way traditional acquired
hard drives or evidence appears.
EnCase Forensic Imager
EnCase Forensic Imager is a new product that allows you to create EnCase evidence files or
review, or analysis functionality.
The benefit of the Imager is that allow both EnCase and non-EnCase users to acquire evidence
in a forensically sound manner. Further, for EnCase Forensic users, the evidence can be
seamlessly added to EnCase Forensic for examination. EnCase Forensic Imager is available free,
and does not require an EnCase license.
Displays all HFS+ file system compressed files as uncompressed
Supports Finder information and extended file attributes
Displays security Access Control Lists (ACLs)
Improved support for OS X Trash items
Macintosh OS X and Installer
EnCase Forensic now supports Mac OS X 10.8. This update includes an enhanced Mac installer
that supports “launchd”, a unified, open-source service management framework for starting,
stopping, and managing daemons, applications, processes, and scripts.
Macintosh Logical Volumes
EnCase Forensic now supports logical volumes for Macintosh systems. When connecting to
systems via servlets, the servlet interacts with the operating system to address the volume.
Macintosh logical volumes can include single disks, RAIDs, and encrypted volumes.
Version 7.06 supports Windows 8 and Server 2012 operating systems. This support allows you
Forensic also provides support for:
Servlet for Windows 8 and Windows Server 2012
Windows 8 artifact support:
System information parsing
Windows 8 BitLocker
Parsing Windows 7 Automatic Destinations (jump lists) and their link files
Windows 7 thumbs.db parsing
About Guidance Software (NASDAQ: GUID)
platform provides the foundation for government, corporate and law enforcement organizations
to conduct thorough, network-enabled, and court-validated computer investigations of any kind, such as
responding to e-discovery requests, conducting internal investigations, responding to regulatory inquiries
or performing data and compliance auditing - all while maintaining the integrity of the data. There are
more than 40,000 licensed users of the EnCase technology worldwide, the EnCase
Enterprise platform is
programs annually. Validated by numerous courts, corporate legal departments, government agencies and
law enforcement organizations worldwide, EnCase has been honored with industry awards and recognition
from Law Technology News, KMWorld, Government Security News, and Law Enforcement Technology.
©2013 Guidance Software, Inc. All Rights Reserved. EnCase and Guidance Software are registered trademarks or trademarks owned by
Guidance Software in the United States and other jurisdictions and may not be used without prior written permission. All other marks and brands
may be claimed as the property of their respective owners.
Enhanced Tablet Support
EnCase Forensic Version 7.06 adds support for the following tablets:
Google Nexus 7
Acer Iconia Tab A500
Samsung Galaxy Tab 2
Kindle Fire HD (support for Lightspeed browser artifacts and social media)
EnCase Forensic supports logical and physical acquisition of devices, including phones and
Artifact support has been expanded to include the ability to process Android physical evidence
files (E01) and produce logical evidence files (L01) containing common smartphone categories:
contacts, messages, call logs, and calendars. The result is a byte-for-byte copy of the device data
partition and a navigable file/folder hierarchy.
EnCase Forensic now supports the following encryption products:
(formerly Pointsec PC)
6.3.1 up to 7.4
5.2.1, 5.3, 5.4.1, 5.4.2,
6.1 through 6.8, 7.3
GuardianEdge Encryption Plus/Anywhere
GuardianEdge Hard Disk Encryption
4, 5, 6 (for Windows and
Yes (for Ver-
sions 4 and 5)
BitLocker and BitLocker To Go
Vista, 7, Server 2008
SafeGuard Easy and Enterprise
4.5, 5.5, 5.6
Yes (only for
Easy, not for
PGP Whole Disk Encryption
9.8, 9.9, 10, 10.1, 10.2
7.0.2, 7.0.3, 7.0.4, 7.0.5,
7.0.6, 7.0.7, 7.0.8, 8.0, 8.2