objective: increase the examiners efficiency and effectiveness. To achieve this
objective a new workflow-driven approach to forensics has been incorporated into
EnCase Forensic v7. With this new workflow, examiners can automate common tasks,
complete comprehensive searches, identify relevant items, and create compelling
reports faster than ever before. This approach can be easily adapted to conform
to any organization’s need. This is a revolutionary change that will transform how
forensic investigations are completed.
used to capture it. With EnCase Forensic, examiners can be confident the integrity of the
evidence will not be compromised. All evidence captured with EnCase Forensic is stored in
the court accepted EnCase evidence file formats. These formats (EO1 and L01) are widely
held as the de facto standard forensically sound evidence containers. In version 7, the
new evidence files (Ex01 and Lx01) can now be encrypted directly within EnCase Forensic,
adding another level of security to the most trusted evidence file format in the industry.
Process Evidence: As the amount of evidence in each case increases, examiners
need speedy, reliable processing capabilities in order to complete their investigations
efficiently. In v7, the EnCase Evidence Processor gives examiners the ability to
automate common tasks required to prepare the collected evidence for the
investigation. This highly configurable processing engine can be tailored to meet
any examiners needs. By adding custom EnScripts to the processor, examiners can
eliminate the need to review EnScript results separately. Now, the result of those
invaluable EnScripts can be indexed allowing for unified search and review of all
evidence from one, easy to use interface.
Perform Deep Forensic Analysis: EnCase Forensic is known for its ability to
uncover evidence that may go unnoticed if analyzed with other solutions. With
version 7, this deep forensic analysis ability has been improved yet again. EnCase now
supports analysis of EXT4 and HFSX file systems, Office 2010 files, Checkpoint/Pointsec
encrypted drives, and iOS physical images. In addition to this expanded support, email
investigations take a significant step forward with v7. The new email investigation platform
makes performing email investigations as easy as reviewing emails in an inbox. With a
streamlined interface and features enabling email conversation and related message
analysis, examiners can perform succinct email investigations faster than ever before.
Compile Findings: A completed case is only as good as its final report. In v7 the
reporting capabilities take a quantum leap forward. Using customizable templates,
examiners can create compelling, easy to read, professional reports for every case. With
easily configurable reporting capabilities, examiners can craft templates for any type of
case, audience, and purpose. Once configured, these templates can be used for any case,
ensuring the quality of reports can be consistent across an examiners entire caseload.
be reviewed in the future, EnCase Forensic v7 has a built in archiving capability. When
a case is completed, the examiner can, with just a few clicks, archive the evidence,
findings, and reports associated with the case, ensuring everything remains intact.
Features and Functionality
At Guidance, we exist to turn chaos and the unknown into order and the known—so that companies and their customers can go about their daily lives as usual without
worry or disruption, knowing their most valuable information is safe and secure. Makers of EnCase®, the gold standard in digital investigations and endpoint data security,
Guidance provides a mission-critical foundation of applications that have been deployed on an estimated 25 million endpoints and work in concert with other leading
enterprise technologies from companies such as Cisco, Intel, Box, Dropbox, Blue Coat Systems, and LogRhythm. Our field-tested and court-proven solutions are used with
confidence by more than 70 of the Fortune 100 and hundreds of agencies worldwide. Get to know us at guidancesoftware.com.
Guidance Software®, EnCase®, EnScript®, EnCE™, EnCEP™, Linked Review™, EnPoint™ and Tableau™ are trademarks owned by Guidance Software and may not be used without prior
written permission. All other trademarks and copyrights are the property of their respective owners.
running the following operating systems
Google’s Android™ OS
Rim’s Blackberry™ OS
HP’s Palm™ OS
Microsoft’s Windows Mobile OS
EnCase Forensic v7, using AES-256 strength encryption
and Lx01 file formats, built on the trusted E01 and L01 formats,
bring increased performance and optimized data management
EnCase Evidence Processor:
Automate common tasks
File Signature Analysis
Protected File Analysis
Hash Analysis (MD5 and SHA-1)
Expand compound files
Find Email (PST, NSF, DBX, EDB, AOL, MBOX)
Find Internet Artifacts (IE, Firefox, Safari)
Search for Keywords
modules by default in the processor
System Info Parser
IM Parser (AOL, MSN, Yahoo)
Personal Information (CC, Phone Numbers, Email, SSN)
Windows Event Log Parser
Windows Artifact Parser
Linux Syslog Parser
the EnCase Evidence Processor
needs with robust query language.
file types are supported
Microsoft Office 2010
iOS Physical Images (iPad, iPhone, iPod)
Full Disk Encryption. Existing encryption product support updated.
easy as reading email in an inbox. Added capabilities to review e-mail
conversations and related messaged to uncover context and identify
all individuals related to the case.
records, to enable easy export of files for review by others.
to use, flexible, and powerful search interface. Incorporate the index,
keyword search results, and tags into a single search.
Customizable Templates: Create custom report templates for
consistent reporting for every case.
Formatting: Choose formatting for each section of the report,
tailoring the representation of finding to meet the audiences needs.
RTF (opens in Microsoft Office)
displaying detailed information about the evidence acquired from a
Smartdevice. Report includes ability to export KML data.
Version 7 of EnCase Forensic represents a step change in the art and science of digital forensics. Here are just a few of the major improvements