Law enforcement, government agencies and corporate enterprises alike count on their digital forensic technology to keep evolving alongside their growing needs. In 2017, OpenText™ acquired Guidance Software, makers of EnCase products for forensic investigations, endpoint security, and e-Discovery. Now, we’re excited to announce the release of version 8.07 of EnCase Forensic™ and its more expansive counterpart EnCase Endpoint Investigator™ (together, “EnCase Forensic/EI”) as part of OpenText Release 16 EP4.
This new release reflects OpenText’s ongoing commitment to law enforcement, DFIR (Digital Forensic Incident Response) and other digital investigation professionals worldwide, including the more than 6,600 that have already earned the EnCE™ certification. As we continue to enhance EnCase Forensic/EI to support this extensive base of investigative users, here are 7 key needs we are focused on:
1. Investigators need to cover all operating systems
Investigators can’t allow their efforts to be impeded by a late-generation OS. With version 8.07, EnCase Forensic/EI now supports Apple File System (APFS), enabling targeted collection of forensic data from computers running Apple High Sierra (macOS 10.13).
2. Investigators need to reach all the data
Version 8.07 enhances EnCase Forensic/EI’s encryption support, adding the ability to reach files on endpoints running BitLocker for Windows 10, Dell Data Protection 8.17, and Symantec PGP 10.3. It also supports Volume Shadow Snapshots (VSS) to recover even more deleted and modified files – as well as full volumes – from Windows systems.
3. Investigators need to span all devices
Investigators need to explore an ever-growing range of evidentiary sources, including smartphones, tablets, IoT devices and cloud storage and services. The EnCase Forensic/EI includes over 26,000 mobile device profiles built right in. They can even parse Amazon Alexa data, and we will expand into more cloud sources and devices as we continue to evolve.
4. Investigators need to be discreet
EnCase Forensic/EI leverages a lightweight, unified EnCase agent that resides at the kernel level. This allows investigators to collect discretely from laptops and other endpoints without notifying the subject (data owner, user, or person of interest). Enterprises have deployed EnCase agents on over 40 million endpoints, and can optionally activate an enhanced EnCase agent that continues the evidence collection process even when the endpoint is off-network.
5. Investigators need to work globally
Version 8.07 broadens EnCase Forensic/EI’s foreign language support, with a user interface that supports 14 different languages and an index that supports an even wider range of languages. The index also features language-specific tokenization, which is particularly helpful when investigating data in pictorial languages (like Korean).
6. Investigators need to control access
Keeping investigations exclusive to authorized personnel can be of critical importance, particularly for law enforcement and regulatory agencies. EnCase Forensic/EI supports CAC Cards and PKI for supplemental user credential control and will continue to invest in multi-factor authentication methodologies.
7. Investigators need to scale
Investigators have no choice but to search and scrutinize ever-broadening volumes of collected data. Starting with version 8.06 (released in 2017) and into the new 8.07 release, EnCase Forensic/EI features a reengineered indexing engine for dramatically faster performance and greater scalability.
EnCase Forensic/EI was recently named Best Computer Forensic Solution by SC Magazine for the 8th year in a row. OpenText takes this proud heritage seriously, and is committed to continuing to deliver the industry gold standard for digital investigations.
