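EnCase is a very well-known software package in the digital forensics field, produced by Guidance Software. The company was founded in 1997, and most members of its development team have backgrounds as digital forensic examiners (experts). EnCase supports a wide range of operating systems and file systems and is professional computer forensics software widely adopted internationally.
Features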
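- Forensics report (generates a forensic report)
- Image gallery (quick browsing of image files)
- View Registry (view registry files)
- CDFS support (supports the CDFS format)
- Password recovery (password cracking; an optional PLSP add-on module)
- Keyword search (search by keyword)
- E-mail search (search e-mail)
- NTFS support (supports the NTFS format)
- FAT 16/32 support (supports the FAT16/32 formats)
- EXT2/3 support (supports the EXT2/3 formats)
- File Recovery (recovers deleted files)
- Validate Image (verifies image files)
- Duplicate (creates a digital evidence image file)
- Wipe Disk (clears disk records)
- Web History/Cookie/Cache/URLtyped (view web browsing records)
- Text indexing (builds an index of files)
- EnCase 64-bit support
- DBX/PST/EDB/NSF (e-mail viewing and search)
- Supports document search in Traditional/Simplified Chinese and many other languages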
What's New
What’s New with EnCase Forensic v22.3
With the release of EnCase Forensic v22.3, digital forensic investigators can now take advantage of AFF4 functionality. AFF4, or the advanced forensics file format, is an open-source format used for the storage of digital evidence and data. EnCase Forensic now supports both physical and logical reading of images, meaning an investigator can copy an entire image, or only select portions of an image, from another investigative tool into the EnCase format for fast, deep-dive investigations. This ensures they have the information advantage needed to get to the truth faster and make the world a safer, more secure place.
- Acquire from Almost Anywhere
- Forensically Sound Acquisition
- Advanced Analysis
- Improved Productivity
- Automated de-NISTing Capabilities
- Multiple File Viewer Support
- Customizable and Extensible with EnScript®
- Automatic Reports
- Actionable Data
- Integration to Passware Kit Forensic
- Enhanced Windows Operating System Support
Before you begin, make sure you have:
- An EnCase security key (dongle), or an electronic license and connection information
- An optional certificate file for users who want to activate an EnCase Version 6 dongle to run EnCase Version 8
- Installation files for the current release of EnCase
SUPPORTED OPERATING SYSTEMS
- Microsoft Windows 7 SP1 through Windows 10
- Microsoft Windows Server through Version 2016
MINIMUM SUGGESTED SYSTEM REQUIREMENTS FOR EXAMINATION MACHINES
- 4 core processor or better
- 16 GB RAM or better
- 200 GB or larger Solid State Drive (SSD) for Case Data
- 200 GB or larger Solid State Drive (SSD) for Evidence Cache Data
- 1 TB or larger Hard Disk Drive (HDD) for Evidence Data
MINIMUM SUGGESTED SYSTEM REQUIREMENTS FOR MACHINES RUNNING THE SAFE
- 2 core processor
- 4 GB RAM
- 40 GB Spindle or SSD
RECOMMENDATIONS FOR SPECIFIC WORKLOADS
For best performance based on specific workloads, examination computers should meet or
exceed the following hardware and software requirements:
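EnCase Basic (formerly EnCase Enterprise)
Guidance Software's EnCase solution provides an enterprise investigation framework that lets companies conduct effective digital investigations, respond quickly to eDiscovery requests, and meet other large-scale data collection needs. It takes proactive defensive action against external attacks, saving the company time and money and reducing risk!
Capabilities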
- Reduce costs and improve efficiencies with a centralized digital investigation capability
- Increase confidence in findings by using the #1 solution for remote investigations
- Achieve compliance with regulatory investigation requirements
- Uncover potential evidence faster than ever using advanced search capabilities
- Improve efficiency by automating common investigation tasks
- Preserve evidence integrity with the court-vetted EnCase® evidence file format
- Enable the foundation for digital investigation, incident response, and electronic data discovery
Highlights
Dependable Results
Investigators can be confident in their findings when using the proven, trusted, industry-leading forensic solution.
Powerful Search
Uncover critical evidence using advanced search capabilities to identify data that would be irretrievable with other computer forensic applications.
Automation
Improve efficiency by automating investigative tasks with EnScript®, the scripting extension built into EnCase Enterprise.
Court Vetted
EnCase Enterprise preserves data in an evidence file format (LEF or E01) with an unsurpassed record of court acceptance.
Information Assurance
OpenText™ Information Assurance solutions allow corporations and government agencies to perform discrete, targeted collections of electronically stored information (ESI) from a multitude of sources, including on-premises systems, cloud repositories and distributed endpoints. Information Assurance solutions include integrated reporting, auditing and logging to ensure a strict chain of custody.
Gain insight
Understand the scope of the information being collected, prepare data-driven case strategies, and reduce downstream review costs and time.
Collect from anywhere, anytime
Perform discrete targeted collections on on-premises systems, cloud repositories, across remote endpoints and more with reporting, auditing and logging.
Enforce defensible, repeatable processes
Easily create templates and automated, repeatable workflows to meet deadlines and produce better outcomes, preserving metadata and maintaining a strict chain-of-custody.
Scale collections and processing
Securely collect terabytes, or even petabytes, of data for review.
EnCase® Endpoint Security
Earlier Detection, Faster Decisions and Unprecedented Threat Response.
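The forensic detection and response capabilities of OpenText™ EnCase™ Endpoint Security. This agentless, cloud-based technology enables enterprise-wide threat assessment through simplified deployment, with proven scalability and flexibility. Critical alerts are passed to Endpoint Security to provide best-in-class automated response.
Earlier detection
Detect the elusive risks, threats and anomalous activity unique to your organization earlier, reducing your mean time to discovery.
Faster decisions
With time-critical endpoint telemetry, you can validate or dismiss security events as they occur, eliminating the possibility of missing that critical alert and ensuring a continuous return on your security investments.
Forensic-grade response
A single, flexible platform that provides automated and on-demand response, streamlines workflows, and easily returns endpoints to a trusted state.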
EnCase® Endpoint Investigator
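Provides the most powerful and easy-to-use remote forensic security solution.
- Conduct any type of internal or regulatory investigation
- Collect data from off-network endpoints to keep investigations moving
- Work discreetly, without disrupting business or alerting employees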
EnCase® Mobile Investigator
EnCase Mobile Investigator augments the mobile acquisition capabilities of EnCase Forensic with the ability to intuitively view, analyze, and report on critical mobile evidence that is relevant to their case. With mobile-first workflows, in-depth evidence analysis, and flexible report generation, investigators can feel confident in their results.