Three Things You Need To Know About EnCase Mobile Investigator

Guidance Software (Now OpenText) has recently released EnCase® Forensic and EnCase Endpoint Investigator 8.05 supporting mobile device acquisitions in addition to the all-new EnCase Mobile Investigator, which offers powerful mobile data review and reporting capabilities for acquired mobile data.

Working with the forensic community, we developed EnCase Mobile Investigator with the needs of examiners in mind. Our new mobile forensics solution delivers the same level of visibility to mobile devices as delivered to traditional endpoints through EnCase Forensic. With continuous updates to mobile operating systems and popular apps, the broadest mobile device support available, and powerful investigation features, EnCase Mobile Investigator stands out from the pack — empowering examiners to find, analyze, and report on the evidence they need to close cases.In this post, I want to share the three most important things you need to know about EnCase Mobile Investigator and give you a peek into what we have planned for the future.

EnCase Mobile Investigator is designed with ease of use in mind: With intuitive evidence review, examiners can easily create a case and review parsed mobile device evidence, such as mobile app data, text messages, call records, internet history, e-mails, and cloud repositories associated with the widest variety of mobile devices. Once an acquisition is complete with EnCase Forensic or Endpoint Investigator, you can load that EnCase Mobile Acquisition (.ema) file into EnCase Mobile Investigator. When parsing is complete, you can begin analysis from categorized files and start putting pieces of the puzzle together. As you can see below, once you click on the thumbnail button, all graphic files will appear and you can easily bookmark any relevant evidence for your case. With EnCase Mobile Investigator, finding and gathering the evidence you need from a smartphone, smartwatch, tablet, or even drone, has never been easier.

Expanded Cloud Application Visibility: As mobile apps commonly store some data in the cloud, investigators are faced with challenges accessing crucial and relevant evidence. Those challenges include existing tools that do not support connected cloud accounts, and challenges related to the retrieval of court-ordered warrants. EnCase Mobile Investigator tackles the first challenge providing an examiner access and visibility into a cloud applications associated with the mobile device (Google Drive, Gmail, Facebook, etc.) With an authentication key, (and the appropriate permissions), examiners can access a cloud account to retrieve critical evidence, such as e-mails or messages, that can be instrumental to a case closing. Over time, the use of digital evidence from the cloud in criminal and civil matters will continue to expand, and using EnCase Mobile Investigator can empower you to accessing the evidence you need when obtaining the permissions you seek.

Powerful OCR: Investigators need all of the evidence they can find to report to their key stakeholders, and ultimately, close a case. With EnCase Mobile Investigator, examiners can now find, extract, and analyze data within graphic files using Optical Character Recognition. Evidence from graphic files such as PDFs, photos, and other file types will be found when running keyword searches, ensuring you can uncover critical evidence no matter how it is stored. This is a critical feature designed to ensure your ability to exact relevant evidence no matter how it is stored.


Get The Latest DFIR News

Join the Forensic Focus newsletter for the best DFIR articles in your inbox every month.


Unsubscribe any time. We respect your privacy - read our privacy policy.

These are just three examples of how we are committed to making EnCase Mobile Investigator work the way you want it to work. With each release you will see more and more mobile applications, device types, and operating systems supported, so that you can conduct your investigations seamlessly.

We are committed to working with you, the forensic community, to understand how we can continue to make the EnCase better. If you have any comments, suggestions please let us know.

Raj Udeshi is a Product Management Specialist at Guidance Software (Now OpenText)

Leave a Comment

Latest Videos

In this episode of the Forensic Focus podcast, Si and Desi explore how artificial intelligence is being leveraged to uncover crucial evidence in investigations involving child sexual abuse material (CSAM) and examine the importance of exercising caution when implementing these tools. 

They also discuss a recent murder case in which cyber experts played a vital role in securing a conviction, and explore the unique challenges associated with using digital evidence as an alibi.

Show Notes:

A Practitioner Survey Exploring the Value of Forensic Tools, AI, Filtering, & Safer Presentation for Investigating Child Sexual Abuse Material (CSAM) - https://dfrws.org/wp-content/uploads/2019/06/2019_USA_paper-a_practitioner_survey_exploring_the_value_of_forensic_tools_ai_filtering_safer_presentation_for_investigating_child_sexual_abuse_material_csam.pdf

Man charged with NI murder ‘faked live stream to provide alibi’ (The Guardian) - https://www.theguardian.com/uk-news/2023/feb/02/man-charged-with-ni-faked-live-stream-to-provide-alibi

A YouTuber accused of murder faked a 6-hour livestream to produce an alibi (Sportskeeda) - https://www.sportskeeda.com/esports/news-a-youtuber-accused-murder-faked-6-hour-livestream-produce-alibi

European Interdisciplinary Cybersecurity Conference (EICC) 2023 - https://www.forensicfocus.com/event/european-interdisciplinary-cybersecurity-conference-eicc-2023/#more-493234

YouTuber reportedly faked GTA livestream to have an alibi while he committed murder (Dexerto) - https://www.dexerto.com/entertainment/youtuber-reportedly-faked-gta-livestream-to-have-an-alibi-while-he-committed-murder-2052974/

Forensic Europe Expo - https://www.forensicfocus.com/event/forensic-europe-expo/#more-493225

In this episode of the Forensic Focus podcast, Si and Desi explore how artificial intelligence is being leveraged to uncover crucial evidence in investigations involving child sexual abuse material (CSAM) and examine the importance of exercising caution when implementing these tools.

They also discuss a recent murder case in which cyber experts played a vital role in securing a conviction, and explore the unique challenges associated with using digital evidence as an alibi.

Show Notes:

A Practitioner Survey Exploring the Value of Forensic Tools, AI, Filtering, & Safer Presentation for Investigating Child Sexual Abuse Material (CSAM) - https://dfrws.org/wp-content/uploads/2019/06/2019_USA_paper-a_practitioner_survey_exploring_the_value_of_forensic_tools_ai_filtering_safer_presentation_for_investigating_child_sexual_abuse_material_csam.pdf

Man charged with NI murder ‘faked live stream to provide alibi’ (The Guardian) - https://www.theguardian.com/uk-news/2023/feb/02/man-charged-with-ni-faked-live-stream-to-provide-alibi

A YouTuber accused of murder faked a 6-hour livestream to produce an alibi (Sportskeeda) - https://www.sportskeeda.com/esports/news-a-youtuber-accused-murder-faked-6-hour-livestream-produce-alibi

European Interdisciplinary Cybersecurity Conference (EICC) 2023 - https://www.forensicfocus.com/event/european-interdisciplinary-cybersecurity-conference-eicc-2023/#more-493234

YouTuber reportedly faked GTA livestream to have an alibi while he committed murder (Dexerto) - https://www.dexerto.com/entertainment/youtuber-reportedly-faked-gta-livestream-to-have-an-alibi-while-he-committed-murder-2052974/

Forensic Europe Expo - https://www.forensicfocus.com/event/forensic-europe-expo/#more-493225

YouTube Video UCQajlJPesqmyWJDN52AZI4Q_7QiFTiuY7Vw

AI In CSAM Investigations And The Role Of Digital Evidence In Criminal Cases

Forensic Focus 22nd March 2023 12:44 pm

Throughout the past few years, the way employees communicate with each other has changed forever.

69% of employees note that the number of business applications they use at work has increased during the pandemic.

Desk phones, LAN lines and even VOIP have become technologies of the past workplace environment as employees turn to cloud applications on their computers and phones to collaborate with each other in today’s workplace environment.

Whether it’s conversations in Teams, file uploads in Slack chats, or confidential documents stored in Office 365, the amount of data stored and where it is stored, is growing quicker than IT and systems administrators can keep up with.

Corporate investigators and eDiscovery professionals need to seamlessly collect relevant data from cloud sources and accelerate the time to investigative and discovery review.

With the latest in Cellebrite’s remote collection suite of capabilities, investigators and legal professionals can benefit from secure collection with targeted capabilities for the most used workplace applications.

Join Monica Harris, Product Business Manager, as she showcases how investigators can:

- Manage multiple cloud collections through a web interface
- Cull data prior to collection to save time and money by gaining these valuable insights of the data available
- Collect data from the fastest growing cloud collaboration applications like Office365, Google Workspace, Slack and Box
- Login to a single source for workplace app collection without logging into every app and pulling data from multiple sources for every employee
- Utilize a single unified collection workflow for computer, mobile and workplace cloud applications without the need to purchase multiple tools for different types of collections – a solution unique to Cellebrite’s enterprise solution capabilities

Throughout the past few years, the way employees communicate with each other has changed forever.

69% of employees note that the number of business applications they use at work has increased during the pandemic.

Desk phones, LAN lines and even VOIP have become technologies of the past workplace environment as employees turn to cloud applications on their computers and phones to collaborate with each other in today’s workplace environment.

Whether it’s conversations in Teams, file uploads in Slack chats, or confidential documents stored in Office 365, the amount of data stored and where it is stored, is growing quicker than IT and systems administrators can keep up with.

Corporate investigators and eDiscovery professionals need to seamlessly collect relevant data from cloud sources and accelerate the time to investigative and discovery review.

With the latest in Cellebrite’s remote collection suite of capabilities, investigators and legal professionals can benefit from secure collection with targeted capabilities for the most used workplace applications.

Join Monica Harris, Product Business Manager, as she showcases how investigators can:

- Manage multiple cloud collections through a web interface
- Cull data prior to collection to save time and money by gaining these valuable insights of the data available
- Collect data from the fastest growing cloud collaboration applications like Office365, Google Workspace, Slack and Box
- Login to a single source for workplace app collection without logging into every app and pulling data from multiple sources for every employee
- Utilize a single unified collection workflow for computer, mobile and workplace cloud applications without the need to purchase multiple tools for different types of collections – a solution unique to Cellebrite’s enterprise solution capabilities

YouTube Video UCQajlJPesqmyWJDN52AZI4Q_g6nTjfEMnsA

Tips And Tricks Data Collection For Cloud Workplace Applications

Forensic Focus 20th March 2023 12:00 pm

This error message is only visible to WordPress admins

Important: No API Key Entered.

Many features are not available without adding an API Key. Please go to the YouTube Feed settings page to add an API key after following these instructions.

Latest Articles

Share to...