Direct Network Preview

Yüklə 21,67 Kb.

ölçüsü21,67 Kb.

Direct Network Preview


EnCase Forensic


 Version 7.06 includes a utility that allows you to conduct live investigations and 

acquisition over an IP network without the need for a SAFE. You can also deploy a servlet to a 

single computer on the network in order to read, acquire, or monitor a computer or hard drive.

Following an easy, 3 step process, you can see the remote hard drive or computer—including 

physical and process memory—appear in EnCase Forensic in the same way traditional acquired 

hard drives or evidence appears.          

EnCase Forensic Imager 


EnCase Forensic Imager is a new product that allows you to create EnCase evidence files or 

EnCase logical evidence files. It is similar to EnCase Forensic, but does not contain processing, 

review, or analysis functionality. 

The benefit of the Imager is that allow both EnCase and non-EnCase users to acquire evidence 

in a forensically sound manner. Further, for EnCase Forensic users, the evidence can be 

seamlessly added to EnCase Forensic for examination. EnCase Forensic Imager is available free, 

and does not require an EnCase license.

Macintosh Operating System Enhancements 


Macintosh Artifacts 

Version 7.06 includes support for the following Macintosh artifacts: 

Displays all HFS+ file system compressed files as uncompressed

Supports Finder information and extended file attributes

Displays security Access Control Lists (ACLs)

Improved support for OS X Trash items

Macintosh OS X and Installer 

EnCase Forensic now supports Mac OS X 10.8. This update includes an enhanced Mac installer 

that supports “launchd”, a unified, open-source service management framework for starting, 

stopping, and managing daemons, applications, processes, and scripts. 

Macintosh Logical Volumes 

EnCase Forensic now supports logical volumes for Macintosh systems. When connecting to 

systems via servlets, the servlet interacts with the operating system to address the volume. 

Macintosh logical volumes can include single disks, RAIDs, and encrypted volumes.

Enhanced Windows Operating System Support  


Version 7.06 supports Windows 8 and Server 2012 operating systems. This support allows you 

to perform dead-box investigations and aids in the deployment of servlets to live-boxes. EnCase 

Forensic also provides support for:

Servlet for Windows 8 and Windows Server 2012

Windows 8 artifact support:

 Registry  parsing

System information parsing

Windows 8 BitLocker 

Parsing Windows 7 Automatic Destinations (jump lists) and their link files

Windows 7 thumbs.db parsing

What’s New in EnCase


 Forensic Version 7.06 

The Standard in Digital Investigations




About Guidance Software (NASDAQ: GUID) 

Guidance Software is recognized worldwide as the industry leader in digital investigative solutions. Its 



 platform provides the foundation for government, corporate and law enforcement organizations 

to conduct thorough, network-enabled, and court-validated computer investigations of any kind, such as 

responding to e-discovery requests, conducting internal investigations, responding to regulatory inquiries 

or performing data and compliance auditing - all while maintaining the integrity of the data. There are 

more than 40,000 licensed users of the EnCase technology worldwide, the EnCase


 Enterprise platform is 

used by more than half of the Fortune 100, and thousands attend Guidance Software’s renowned training 

programs annually. Validated by numerous courts, corporate legal departments, government agencies and 

law enforcement organizations worldwide, EnCase has been honored with industry awards and recognition 

from Law Technology News, KMWorld, Government Security News, and Law Enforcement Technology.  

©2013 Guidance Software, Inc.   All Rights Reserved.  EnCase and Guidance Software are registered trademarks or trademarks owned by 

Guidance Software in the United States and other jurisdictions and may not be used without prior written permission. All other marks and brands 

may be claimed as the property of their respective owners.

Enhanced Tablet Support


EnCase Forensic Version 7.06 adds support for the following tablets:

Google Nexus 7

Acer Iconia Tab A500

Samsung Galaxy Tab 2

Kindle Fire HD (support for Lightspeed browser artifacts and social media)

Android OS and Device Acquisition Support   


EnCase Forensic supports logical and physical acquisition of devices, including phones and 

tablets, running Android OS Version 4, Ice Cream Sandwich, Version 4.1-2, and Jelly Bean.

Artifact support has been expanded to include the ability to process Android physical evidence 

files (E01) and produce logical evidence files (L01) containing common smartphone categories: 

contacts, messages, call logs, and calendars. The result is a byte-for-byte copy of the device data 

partition and a navigable file/folder hierarchy.                      

Encryption Support    


EnCase Forensic now supports the following encryption products:



Supported Versions

64-bit Sup-


Check Point

Check Point Full Disk Encryption 

(formerly Pointsec PC) 

6.3.1 up to 7.4



Mobile Guardian

5.2.1, 5.3, 5.4.1, 5.4.2, 

6.1 through 6.8, 7.3


GuardianEdge Encryption Plus/Anywhere

7 and 8


GuardianEdge Hard Disk Encryption

9.1.5, 9.2.2 , 9.3.0, 9.4.0, 

9.5.0, 9.5.1



EndPoint Encryption (formerly 


4, 5, 6 (for Windows and 

Macintosh computers)

Yes (for Ver-

sions 4 and 5)


BitLocker and BitLocker To Go

Vista, 7, Server 2008



SafeGuard Easy and Enterprise 

(formerly Utimaco)

4.5, 5.5, 5.6

Yes (only for 


Easy, not for 



PGP Whole Disk Encryption

9.8, 9.9, 10, 10.1, 10.2



Endpoint Encryption

7.0.2, 7.0.3, 7.0.4, 7.0.5, 

7.0.6, 7.0.7, 7.0.8, 8.0, 8.2



SecureDoc Full Disk Encryption 4.5, 4.6


Dostları ilə paylaş:

Verilənlər bazası müəlliflik hüququ ilə müdafiə olunur © 2019
rəhbərliyinə müraciət

    Ana səhifə