What’s New in EnCase® Forensic v7.03
Digital Investigations just got easier
EnCase® Forensic v7 introduced a new approach to digital investigations. In v7.03, the
transformation continues. The new capabilities in v7.03 will make completing your investigations
more efficient than ever before.
Stand-Alone EnCase® Processor License Now Included
The EnCase Processor is a new product designed with one purpose in mind – the acquisition
and processing of evidence. The stand-alone EnCase Processor gives organizations the ability
to dedicate a computer or computers solely to processing evidence. With this added capability,
organizations can build up a backlog of processed evidence ready and waiting for investigation.
The stand-alone EnCase Processor will increase productivity and efficiency for any organization.
Best of all, one EnCase Processor license is now included with all licenses of EnCase Forensic
v7 at no additional charge.
EnCase Review Package
The EnCase Review Package is an easy way for forensic examiners to share their findings with
detectives, D.A.s, field agents or anyone else interested in the case. But sharing evidence is only
part of the benefit.
With the review package, others who are not forensic specialists can review evidence, tag files,
and send their review results back to the forensic examiner to be incorporated into the case. For
instance, if the examiner discovers e-mails in German, the examiner can create a review package
for the e-mails, provide it to a translation specialist, and easily incorporate the translator’s review
results back into the case.
The EnCase Review package saves time by providing visibility into the evidence to a wide range
of people, allowing the examiner to complete investigations faster. The EnCase Review Package
is included in EnCase Forensic v7.03 at no additional charge.
EnCase Evidence Processor Enhancements
There are a number of valuable enhancements to the Evidence Processor in v7.03. First, the
processing of evidence has been increased significantly, resulting in evidence files being
processed significantly faster than in v7.03. The performance increase includes processing
additional artifacts in 7.03, such as unallocated space, Google Chrome Internet history, USB,
mapped and shared drive artifacts.
Processing Devices from a Local Preview
The EnCase Evidence Processor now processes devices from the Local Preview which allows
you to bypass acquiring these devices and directly process the evidence.
Support for Indexing Text in Slack and Unallocated Space
EnCase Forensic now supports indexing text in slack bytes and unallocated space. As you select
options for indexing within the Evidence Processor, you can choose to include text identified in
file slack and unallocated space.
Evidence Processor System Info Includes NetShare and USB Registry
Now the Evidence Processor can search NetShare and USB registry information in the
Records tab. With this capability users can see the UNC path visit history, the history of
connected devices, and then can correlate USB devices to their drive letters.
www.guidancesoftware.com
GUIDANCE SOFTWARE | EnCase Forensic v7
New Software and File System Support
Version 7.03 introduces support for the following software and file systems
•
•
Google Chrome
EXT4 Linux Software RAID Arrays (Ubuntu Version 9.1 and 10.04)
Updated Encryption Support
EnCase Forensic v7.03 allows users, with the appropriate credentials, to acquire and perform investigations on devices using any of the following
encryption products.
Vendor
Product
Supported Versions
64-bit Support
Check Point
Check Point Full Disk Encryption (Formerly Pointsec PC)