handle investigations of all kinds often involving multiple people located across multiple
offices and geographic regions. Built on the same technology as EnCase Forensic and
deployed on more than 20 million endpoints, EnCase Endpoint Investigator - External
Investigations is helping numerous law-enforcement and government agencies as well
as 65 of the Fortune 100 do just that every day.
Forensic investigators around the world trust EnCase Endpoint Investigator -
External Investigations to:
• Investigate computers remotely from an Examiner machine
• Conduct investigations on multiple computers simultaneously
• Preview and collect data discreetly and in a forensically sound manner
• Perform investigations securely and with a detailed audit trail
The Most Powerful and Easy-To-Use Remote Investigations Solution
Easily installed in about an hour, EnCase Endpoint Investigator - External Investigations
gives your team everything you need to immediately and thoroughly search, collect,
preserve, analyze, and report on data from servers and endpoints anywhere on a network
from one or multiple Examiner machines—without user disruption or system downtime.
UPGRADE YOUR INVESTIGATIVE
POWER WITH ENCASE
• Affordable price for
• Broad support of major
operating systems and
• Easy, scalable deployment
of servlets to as many target
machines as needed
• Enables RAM or volatile
• Can search unallocated
space for deleted data
• SAFE operates on standard
laptop or desktop system
• Requires no expensive
• Preview and collect data from multiple machines simultaneously
• Search multiple machines simultaneously using Sweep Enterprise
• Conduct investigations discreetly, without alerting users
• Capture volatile artifacts only in live RAM with snapshot functionality
• Manage investigations and access through SAFE
• Document investigations with audit trail
The Snapshot feature in EnCase Endpoint Investigator - External Investigations gives
you the ability to readily capture and analyze volatile artifacts only resident in live
RAM from target machines—even from multiple target computers simultaneously.
This unparalleled visibility accelerates the identification of anomalies, which can be
critical when investigating computer security incidents. Snapshot quickly captures
volatile data to reveal details about open ports, running processes, and other
EnCase Endpoint Investigator - External Investigations is geared for the busy investigator,
offering you the most powerful case-management features on the market.
With EnCase Endpoint Investigator - External Investigations, you can:
• Share Findings: Make case information viewable by more than one investigator
at a time.
• Manage Cases Concurrently: EnCase Endpoint Investigator - External
Investigations lets you review data from more than one case at a time,
simplifying case-comparison analysis functions like keyword searches,
search hits review, etc.
• Automate Processing and Indexing: Spend more time analyzing and less
time on processing and indexing.
Key Differences between EnCase Forensic and
EnCase Endpoint Investigator - External Investigations
Concurrent case management views enable
greater speed and efficiency.
About Guidance Software (NASDAQ: GUID)
We exist to turn chaos and the unknown into order and the known—so that companies and their customers can go about their daily lives as usual
without worry or disruption, knowing their most valuable information is safe and secure. Makers of EnCase®, the gold standard in digital investigations
and endpoint data security, Guidance provides field-tested and court-proven applications that have been deployed on an estimated 25 million
endpoints and work in concert with several other leading enterprise technologies.
Guidance Software®, EnCase®, EnCE™, and EnCEP™ are trademarks owned by Guidance Software and may not be used without prior written permission. All other
trademarks and copyrights are the property of their respective owners.
Remote forensics: One connection at a time