Enhancing Digital Investigations with OpenText™ EnCase™ Forensic 8.07

OpenText™ EnCase™ Forensic is one of the leading digital forensics solutions on the market for triage, acquisition, processing and preservation of digital evidence. It empowers computer forensic examiners to conduct efficient, forensically sound data collections and investigate using a repeatable and defensible process. EnCase offers disk-level forensic analysis and the broadest support of operating and file systems, artifacts and encryption types, all while maintaining evidence integrity. Powerful processing, integrated investigation workflows and flexible reporting options differentiate EnCase in the market.

EnCase Forensic’s feature set has been called “simply unmatched” by SANS. Learn why and contact an EnCase expert today.

What’s new in 8.07 – Turning Customer Feedback into Product Innovation

We are constantly listening to our customers to deliver new features and enhancements that maximize value throughout their entire digital investigation lifecycle. The EnCase Forensic 8.07 release provides the following key new features:

Support for the New Apple File System (APFS)

The new APFS became the default file system with the release of macOS High Sierra 10.13 and posed some significant challenges for forensic investigators performing data collections. EnCase Forensic version 8.07 is designed to successfully mount and parse APFS volumes and to support the APFS file format, helping investigators conduct targeted data collections and send the output as an EnCase logical evidence file.

Updated Encryption Support

EnCase Forensic 8.07 now supports the following encryption types:

• Support for Symantec PGP Version 10.3
• Support for Dell Data Protection 8.17
• Support for Microsoft BitLocker XTS-AES

Advanced Indexing Engine

EnCase Forensic 8.07 comes with an advanced indexing engine with much faster processing speeds (4X faster). It enables better hardware utilization, high scalability and performance, comprehensive language support and smaller RAM requirements.

Windows Volume Shadow Copy Support

You can now use EnCase Forensic to analyze Volume Shadow Snapshot (VSS) backups (also known as volume shadow copies). Using the new Analyze Volume Shadow Copies module, you can use a recovery condition to select and recover specific modified or deleted files, or you can recover a full volume. Volume shadow copy functionality requires the file system to be NTFS.

Mobile Acquisition Enhancements

EnCase Forensic supports the latest smartphones and tablets, including more than 27,000 mobile device profiles, all while empowering the examiner to conduct logical and physical acquisitions. The following mobile acquisition enhancements are available with EnCase Forensic 8.07:

• Mobile data triage: Mobile Data Triage has been added for cases acquired from Android devices and iPhone devices, and imported from iPhone backups.
• Android file system acquisition improvements: File system acquisition for Android devices has been improved. File systems from more devices can now be acquired.
• iCloud imports: EnCase Forensic can now import iCloud backups.
• Data parsing added for more applications: Application data parsing for Android devices has been added for Firefox and WeChat.
• WhatsApp application parsing improvements: WhatsApp application data parsing for Android devices has been improved.

OpenText continues to evolve the EnCase Forensic product based on technological advancement and customer feedback. It has been named the Best Computer Forensic Solution for eight consecutive years by SC Magazine. The EnCase evidence file format has been used to preserve digital evidence in thousands of cases and cited in over 100 court opinions. No other solution offers the same level of functionality and flexibility, or has the same track record of court acceptance, as EnCase Forensic.
