EnCase® Enterprise Version 6 —
Why You Should Upgrade
[Figure: The Version 6 interface is similar to Version 5]
Upgrade to EnCase® v6 to achieve significantly improved search capabilities and greater productivity. These new v6 features and additional features planned for future release were requested by our customers and will deliver more digital-investigation power.
New Features
Case Indexer
EnCase® v6 introduces our new patent-pending, powerful indexing engine, which indexes text extracted using the Stellent™ Outside In Technology. You can now build a complete index of words from multiple languages based on your evidence file and then create fast and easy queries using EnCase® Conditions and Filters. These indices can be chained together to find possible keywords in common with other investigations. The Unicode-supported index is built from the contents of personal documents, deleted files, file system artifacts, file slack, swap files, unallocated space, emails and web pages.
64-bit Support
EnCase® Enterprise now comes in 32-bit and 64-bit versions. Investigations now commonly involve hundreds of gigabytes to tens of terabytes of static data requiring analysis. This amount of data easily exceeds the memory that 32-bit software can address. In today's 32-bit desktop systems, there can be up to 4GB of RAM (provided the motherboard can handle that much RAM), which is split between the applications and the operating system. Users will note a performance increase, because a 64-bit CPU can handle more memory and larger files. One of the most attractive features of 64-bit processors is the amount of memory the system can support. 64-bit architecture will allow systems to address up to 1 terabyte (1000GB) of memory. The new 64-bit version of EnCase® Examiner v6 delivers improved multi-threading and a more efficient use of all available memory.
Check In ("Phone Home" Servlet Communication)
EnCase® Enterprise is the only forensic tool with the revolutionary ability to perform incident response and forensics operations on machines that are not connected to the corporate LAN or WAN. With the new Check In feature, the EnCase® Enterprise servlet can initiate a connection to the SAFE from anywhere on the internet, enabling examiners to investigate machines and dramatically reducing the challenge of catching machines when they are not connected to the corporate network.
[Figure: A multi-page Adobe® PDF displayed in the Doc panel]
Native File Viewer
EnCase® Examiner v6 has incorporated the Stellent™ Outside In file-viewing technology and now displays over 400 file formats natively in the Doc panel.
Enhanced Email Support to Natively Parse
Guidance Software has added the following NEW email formats to EnCase® v6 and now natively presents their contents without their application:
- MS Exchange 2000/2003 EDBs
- Lotus Notes NSFs versions 5, 6, 6.5 and 7
Hard Disk Caching for Email Parsing
In v6, EnCase® Enterprise now uses disk caching to quickly open large and complex compound files, such as Lotus Notes NSFs and Microsoft EDBs and PSTs.
Additional File System Support
Guidance Software has added the following NEW file systems to EnCase® v6 and now presents the folder/file structures:
- FreeBSD’s Fast File System 2 (FFS2)
- FreeBSD’s UFS2
- Novell NWFS
- Novell NSS
Although the NWFS file system has been used by Novell since NetWare version 2x, EnCase currently supports only NetWare versions 5.1, 6.0 and 6.5 with either the NWFS or NSS file system.
NOTE: Novell file systems are parsed statically.
Support for Apple® DMG Files
Treated like a real disk, these files can now be added to EnCase® Enterprise, displaying the internal file/folder structure.
Support for Apple / Unix Files Compressed with PAX
Files compressed in a Macintosh / Unix environment using the PAX (Portable Archive Exchange) command can be saved in either tar or cpio format. EnCase® Forensic v6 now includes support for the parsing of BOTH cpio and tar PAX compressed files.
Support for Gzip Compressed Archive Files
EnCase® Enterprise v6 adds Gzip (zlib) support for regular (non-compressed) files. EnCase® software does NOT yet support bzip or adc formats.
Alternate Path
How many times have you set up your equipment to acquire a drive image, only to run out of drive space? EnCase® Enterprise v6 now allows you to set an alternate destination volume for evidence files at the start of the media acquisition.
Display of Hard Disk Serial Number
Are you tired of removing the suspect hard drive to document the serial number from the label? Hard disk acquisitions with EnCase® Enterprise now read and document the true serial number and the volume serial number for the media.
NOTE: Acquisitions made with versions 1–5 will NOT display this information.
Set Servlet Priority Level
Now you can set the CPU priority level of the servlet to Low, Medium, or High for the host machine.
Categorize DLLs
Create App Descriptors for DLLs the same way that you categorize hashed processes, then include them with your machine profiles.
[Figure: DLLs are stored the same as Application and System files]
Servlet Support for Novell®
EnCase® Enterprise now enables live investigations of Novell systems (snapshot data only).
Enhanced Logging
The SAFE supports the logging of additional role-related activities, such as when a user previews a device, acquires a machine, and runs an EnScript® module.
IPv6 Support
Version 6 supports reading and connecting to machines that use the IPv6 network addressing protocol.
[Figure: Live Reporting]
Enhanced EnScript® Modules
Quick SnapShot
This EnScript module allows you to conduct a Snapshot on machines you are investigating with a single click of the mouse.
Web Interface option
New web viewing capability allows live reporting of SnapShot data through the web browser. Now you can review and share results without waiting for the script to complete.
[Figure: Snapshot Differential Report using our new HTML Reporter]
Differential SnapShot
This EnScript module analyzes multiple snapshot archive LEFs of a target machine and will generate a report to display changes between each snapshot.
Sweep Enterprise
The Sweep Enterprise script takes on a brand new look which includes new features and capabilities further enhancing your network scans.
Sweep Options
- Servlet Priority: Allows control over the amount of resources the servlet uses when being accessed.
- Enable Waiting for Servlet: Sweep Enterprise will continue to wait until the snapshot is complete and can be aborted by the user if need be.
- Archive snapshots to logical evidence files.