Direct Network Preview
EnCase Forensic
®
Version 7.06 includes a utility that allows you to conduct live investigations and
acquisition over an IP network without the need for a SAFE. You can also deploy a servlet to a
single computer on the network in order to read, acquire, or monitor a computer or hard drive.
Following an easy, 3 step process, you can see the remote hard drive or computer—including
physical and process memory—appear in EnCase Forensic in the same way traditional acquired
hard drives or evidence appears.
EnCase Forensic Imager
EnCase Forensic Imager is a new product that allows you to create EnCase evidence files or
EnCase logical evidence files. It is similar to EnCase Forensic, but does not contain processing,
review, or analysis functionality.
The benefit of the Imager is that allow both EnCase and non-EnCase users to acquire evidence
in a forensically sound manner. Further, for EnCase Forensic users, the evidence can be
seamlessly added to EnCase Forensic for examination. EnCase Forensic Imager is available free,
and does not require an EnCase license.
Macintosh Operating System Enhancements
Macintosh Artifacts
Version 7.06 includes support for the following Macintosh artifacts:
•
Displays all HFS+ file system compressed files as uncompressed
•
Supports Finder information and extended file attributes
•
Displays security Access Control Lists (ACLs)
•
Improved support for OS X Trash items
Macintosh OS X and Installer
EnCase Forensic now supports Mac OS X 10.8. This update includes an enhanced Mac installer
that supports “launchd”, a unified, open-source service management framework for starting,
stopping, and managing daemons, applications, processes, and scripts.
Macintosh Logical Volumes
EnCase Forensic now supports logical volumes for Macintosh systems. When connecting to
systems via servlets, the servlet interacts with the operating system to address the volume.
Macintosh logical volumes can include single disks, RAIDs, and encrypted volumes.
Enhanced Windows Operating System Support
Version 7.06 supports Windows 8 and Server 2012 operating systems. This support allows you
to perform dead-box investigations and aids in the deployment of servlets to live-boxes. EnCase
Forensic also provides support for:
•
Servlet for Windows 8 and Windows Server 2012
•
Windows 8 artifact support:
•
Registry parsing
•
System information parsing
•
Windows 8 BitLocker
•
Parsing Windows 7 Automatic Destinations (jump lists) and their link files
•
Windows 7 thumbs.db parsing
What’s New in EnCase
®
Forensic Version 7.06
The Standard in Digital Investigations
www.encase.com
GUIDANCE SOFTWARE | EnCase Forensic
www.encase.com
GUIDANCE SOFTWARE | EnCase Forensic
About Guidance Software (NASDAQ: GUID)
Guidance Software is recognized worldwide as the industry leader in digital investigative solutions. Its
EnCase
®
platform provides the foundation for government, corporate and law enforcement organizations
to conduct thorough, network-enabled, and court-validated computer investigations of any kind, such as
responding to e-discovery requests, conducting internal investigations, responding to regulatory inquiries
or performing data and compliance auditing - all while maintaining the integrity of the data. There are
more than 40,000 licensed users of the EnCase technology worldwide, the EnCase
®
Enterprise platform is
used by more than half of the Fortune 100, and thousands attend Guidance Software’s renowned training
programs annually. Validated by numerous courts, corporate legal departments, government agencies and
law enforcement organizations worldwide, EnCase has been honored with industry awards and recognition
from Law Technology News, KMWorld, Government Security News, and Law Enforcement Technology.
©2013 Guidance Software, Inc. All Rights Reserved. EnCase and Guidance Software are registered trademarks or trademarks owned by
Guidance Software in the United States and other jurisdictions and may not be used without prior written permission. All other marks and brands
may be claimed as the property of their respective owners.
Enhanced Tablet Support
EnCase Forensic Version 7.06 adds support for the following tablets:
•
Google Nexus 7
•
Acer Iconia Tab A500
•
Samsung Galaxy Tab 2
•
Kindle Fire HD (support for Lightspeed browser artifacts and social media)
Android OS and Device Acquisition Support
EnCase Forensic supports logical and physical acquisition of devices, including phones and
tablets, running Android OS Version 4, Ice Cream Sandwich, Version 4.1-2, and Jelly Bean.
Artifact support has been expanded to include the ability to process Android physical evidence
files (E01) and produce logical evidence files (L01) containing common smartphone categories:
contacts, messages, call logs, and calendars. The result is a byte-for-byte copy of the device data
partition and a navigable file/folder hierarchy.
Encryption Support
EnCase Forensic now supports the following encryption products:
Vendor
Product
Supported Versions
64-bit Sup-
port
Check Point
Check Point Full Disk Encryption
(formerly Pointsec PC)
6.3.1 up to 7.4
Yes
Credant
Mobile Guardian
5.2.1, 5.3, 5.4.1, 5.4.2,
6.1 through 6.8, 7.3
No
GuardianEdge Encryption Plus/Anywhere
7 and 8
No
GuardianEdge Hard Disk Encryption
9.1.5, 9.2.2 , 9.3.0, 9.4.0,
9.5.0, 9.5.1
Yes
McAfee
EndPoint Encryption (formerly
SafeBoot)
4, 5, 6 (for Windows and
Macintosh computers)
Yes (for Ver-
sions 4 and 5)
Microsoft
BitLocker and BitLocker To Go
Vista, 7, Server 2008
Yes
Sophos
SafeGuard Easy and Enterprise
(formerly Utimaco)
4.5, 5.5, 5.6
Yes (only for
SafeGuard
Easy, not for
Enterprise)
Symantec
PGP Whole Disk Encryption
9.8, 9.9, 10, 10.1, 10.2
Yes
Symantec
Endpoint Encryption
7.0.2, 7.0.3, 7.0.4, 7.0.5,
7.0.6, 7.0.7, 7.0.8, 8.0, 8.2
Yes
WinMagic
SecureDoc Full Disk Encryption 4.5, 4.6
No