Thanks Douglas for the info. It sounds like v7 will induce a price increase if it contains new features and improvements – I’m glad I opted for 3 years SMS!
Me too. Painful at the time though.
The new features look very interesting. EnCase has recently taken very much of a back seat for me as an analysis tool. Perhaps this new release may redress the balance. I wonder when the release date is. Anyone remember the interminable wait for FTK2 between its initial publicity and release? And then the feeling of a huge let-down. lol
The wait for FTK2 actually lasted until the arrival of FTK3. I hope GSI get it right first time with EnCase v7. I haven't seen anything yet about improvements in reporting or am I alone in thinking that EnCase hasn't mastered this area yet?
I just worry how little work actually goes into the forensic edition these days.
I won't comment in too much depth about GSI's efforts, but I've heard variations on this concern since 2004. In that time, EnCase Forensic has always had significant investment. Most improvements to EnCase Forensic naturally benefit the rest of GSI's product suite, so it's not a zero-sum game.
cheers,
Jon
Fair enough, perhaps it's the loss of talent such as your good self then 😉
Just to add to what Douglas has listed:
- Volatility features have been ported into EnScript and included in v7
- E0 file format will still be supported in addition to the new EV2 format which will have 256-bit AES encryption. No public API as yet to allow 3rd party products such as Dossier, etc to create Ev2 (Ex0) files during imaging
- Improved support for running from within VMware
- *New* EnScript scripting will require existing EnScripts to be 'ported' to v7 syntax
- v7 will have built-in "smart phone" support included with only 5 basic cables
- Old EnCase v6 features can still be accessed but they have 'streamlined' and simplified the primary user interface with some built-in workflows, etc (a la FTK 3)
- Case file contents will now be cached to disk and indexed rather than relying purely on 'extents', etc and having to re-read items into RAM - which will now be quicker, but as a result the 'case file' will be much, much larger
- Public Beta to open shortly after CEIC.
That's about all I recall right now
The wait for FTK2 actually lasted until the arrival of FTK3. I hope GSI get it right first time with EnCase v7. I haven't seen anything yet about improvements in reporting or am I alone in thinking that EnCase hasn't mastered this area yet?
I've long since given up on using forensic suites for reporting. They can be very helpful in creating bits and pieces that you blend into your own report, but my requirements are so customized that I don't really expect these tools to do all that much in the area of reporting.
I'm going to go out on a limb and say that this upcoming EnCase release will go smoothly because it's the first Robert Botchek supervised version of EnCase Forensic. I had the opportunity to have a long talk to Robert during CEIC 2010 and he strikes me as someone who knows how to execute. I suspect that will show itself here shortly.
I wonder if the Tableau Imager will be incorporated in EF7. That would get around the 'repeating bad sector' issue and also speed up the acquisition significantly (assuming you use Tableau write blockers). Will have to ask…
I wonder if they plan on addressing the issues they have with Long File Path exporting that v6 is plagued with. From what I understand there has been an Enhancement request in to add robocopy for a long, long time. With the growing number of Mac images that we all see, it'd be nice to have some native support.
I am aware of the EnScripts that can help with this, and my company has even made their own, but it seems like a patch to a problem.
I wonder if the Tableau Imager will be incorporated in EF7. That would get around the 'repeating bad sector' issue and also speed up the acquisition significantly (assuming you use Tableau write blockers). Will have to ask…
Maybe they can replace the detecting FastBloc hang with detecting Tableau hang…..
Eric, agreed, the reporting just doesn't work for all intents and purposes. I find even creating RTFs and PDFs of single pages to be tedious. Hopefully that gets at least a little better so I don't have to spend as much time adding fields to generate information about an LNK file or something simple.