Take digital investigations to the next level with new features in OpenText™ EnCase™ Forensic 8.08.
Whether in the field or the lab, digital forensic examiners must overcome investigation roadblocks like OS updates, encryption, new file types, acquisition from the cloud, and more. OpenText™ EnCase™ Forensic, the industry’s leading digital forensic solution, is more-than up to the task and provides regular updates to keep pace with technology advancements.
For more information, visit our website.• Acquire evidence from cloud and on-premises services – EnCase Forensic now supports the acquisition of evidence from:
o Microsoft Office 365
o Microsoft Exchange
o Microsoft SharePoint
This latest release enables investigators to acquire evidence from any mailbox in their domain with cloud and on-premise collection for Microsoft Office 365. Investigators can initiate collection from cloud or on-premise services and then continue working on other aspects of the case while EnCase works in the background to collect the information and drop the evidence directly into the case as a LX01/L01 file, all while preserving the forensic integrity of the evidence.
• Support for Symantec Endpoint encryption – EnCase Forensic now supports Symantec Endpoint Encryption v11.1.3 and v11.2.
• Support for Dell Full Disk encryption – EnCase Forensic now supports Dell full disk encryption on 32-bit and 64-bit physical machines running Windows 8 or Windows 10. Dell introduced its Full disk encryption product about a year ago. OpenText is the first and only vendor to support this encryption.
• Support for APFS Encryption – EnCase v8.08 includes support for APFS (Apple File System) and File Vault 2 encryption, building on EnCasev8.07 ability to mount and parse APFS volumes and support the APFS file format.
• Support for Microsoft Edge internet artifacts – EnCase Forensic now supports Microsoft Edge. The following Microsoft Edge Internet artifacts are parsed:
o Bookmarks
o Cache
o Cookies
o Downloads
o History
o Page Settings
o Top Sites
o Web Notes
• Mobile acquisition enhancements – The following enhancements and updates have been made for EnCase Mobile Acquisition:
o Additional Android devices are now supported via the new Android MTK Expert (physical) plugin. Physical acquisitions of devices can now be performed using the MTK chipset.
o Users can now parse Opera application data on Android devices. Investigators can analyze browsing history, bookmarks, and downloads.
o Parsing of Evernote application data on iOS devices has been improved. Users can now parse Evernote chat messages, contacts, and media attachments. Minor issues have been fixed.
o Binary files Date/Time properties are now acquired in date time format.
As a trusted partner of law enforcement, federal, and corporate examiners, EnCase Forensic is field-tested and courtroom-approved. EnCase Forensic encompasses powerful evidence processing and integrated investigation workflows with flexible reporting options, all while maintaining evidence integrity.
The EnCase evidence file format has been used to preserve digital evidence in thousands of cases and is cited in over 100 court opinions. No other solution offers the same level of functionality, flexibility, and track record of court-acceptance.
For more information:
Click here to check out the SANS review of EnCase Forensic 8.
Or, visit our product webpage.
