EnCase is the shared technology within a suite of digital investigations products by Guidance Software. The software comes in several products designed for forensic, cyber security, security analytics, and e-discovery use. Encase is traditionally used in forensics to recover evidence from seized hard drives. Encase allows the investigator to conduct in depth analysis of user files to collect evidence such as documents, pictures, internet history and Windows Registry information.
The company also offers EnCase training and certification.
Data recovered by EnCase has been used in various court systems, such as in the cases of the BTK Killer and the murder of Danielle van Dam.
Video EnCase
EnCase Product Line
EnCase technology is available within a number of products, currently including: EnCase Forensic, EnCase Cybersecurity, EnCase eDiscovery, and EnCase Portable. Guidance Software also runs training courses and certification, over 100000 individuals have completed the training to date.
Maps EnCase
Features
EnCase contains tools for several areas of the digital forensic process; acquisition, analysis and reporting. The software also includes a scripting facility called EnScript with various API's for interacting with evidence.
Expert Witness File Format
EnCase contains functionality to create forensic images of suspect media. Images are stored in proprietary Expert Witness File format; the compressible file format is prefixed with case data information and consists of a bit-by-bit (i.e. exact) copy of the media inter-spaced with CRC hashes for every 64K of data. The file format also appends an MD5 hash of the entire drive as a footer.
Mobile forensics
As of EnCase V7, Mobile Phone Analysis is possible with the addition some add-ons available from Guidance Software.
References
Further reading
- Garber, Lee. "EnCase: A Case Study in Computer-Forensic Technology" (PDF). IEEE Computer Society. Retrieved 10 November 2010.
External links
- Guidance Software web site
Source of the article : Wikipedia