How to optimize EnCase for a work-from-home workforce

The current global situation has necessitated home-working by many millions of employees, but in the legal and law-enforcement world, there is still a requirement to…

Anthony Di Bello profile picture

Anthony Di Bello

March 20, 20204 minutes read

Descriptive text explaining the contents of the image.

The current global situation has necessitated home-working by many millions of employees, but in the legal and law-enforcement world, there is still a requirement to investigate, respond to eDiscovery requests or maintain a secure environment with rapid incident response capabilities.

We introduced flexible deployment options for our OpenText™ EnCase™ solutions a number of years ago, and while the best practice for remote workers is a persistent connection to a VPN, we know this will not always be possible. And so, to help home-based employees to stay productive, following are some tips to help you overcome common “work-from-home” challenges and fully leverage OpenText™ EnCase™ Endpoint Investigator, OpenText™ EnCase™ eDiscovery and OpenText™ EnCase™ Endpoint Security.

NOTE: ALL FUNCTIONALITY AND OPTIONS DESCRIBED BELOW ARE AVAILABLE TO CUSTOMERS TODAY WITH NO ADDITIONAL CHARGES. AND IF YOU NEED ANY ASSISTANCE ON ANYTHING RELATING TO YOUR ENCASE SOLUTION, CONTACT US AT EnCaseWFHsupport@opentext.com.

The Enhanced Agent

EnCase Endpoint Investigator, EnCase eDiscovery and EnCase Endpoint Security all support Enhanced Agent functionality critical to extending capabilities out to a remote workforce. If you have yet to configure the Enhanced Agent for use in your environment, now is the time to ensure the functionality is enabled and deployed.

The Enhanced Agent is designed to perform operations local to the employee system, pushing back results whenever VPN connection is re-established. For EnCase Endpoint Investigator and EnCase eDiscovery, this means confidently conducting investigations and performing eDiscovery collections. For EnCase Endpoint Security, this means persistent real-time threat detection on and off the network.

To assist in managing bandwidth constraints, the Enhanced Agent does not require an all-or-nothing approach. If you are only interested in critical devices/employees, you can restrict the use of the Enhanced Agent to meet those needs.

Sometimes it’s not practical to wait for VPN connectivity to receive results. In that case, all you need is a cloud-based repository with a public-facing UNC path and EnCase can be configured to point to that path for data transmission.

The Check-in Agent (EnCase Endpoint Investigator only)

As an alternative to the Enhanced Agent approach, EnCase Endpoint Investigator supports a feature known as “Check-in Agent” where the standard Passive Agent can be configured to ‘check-in’ upon a VPN connection for specific operations such as Sweep Enterprise, Snapshot and File Processor jobs. Alternatively, a SAFE can be set up in the DMZ for check-in functionality, and the Snapshot job can even be set to run continuously with this option.

While job validation is not supported for Check-in agent-based jobs – if a device disconnects the job is simply marked as “completed” – many customers feel having this option is better than no ability at all. Therefore, we recommend this option only if the Enhanced Agent approach is not one you are able to take.

Unlimited Components

As a customer of EnCase Endpoint Investigator, EnCase eDiscovery, or EnCase Endpoint Security you are entitled to ‘all-you-can-eat’ software components allowing you to scale out operations to cover all situations, and ensuring that your  EnCase architecture is set up in an optimal way to overcome bandwidth, resource or geographical constraints.

EnCase Portable devices (EnCase Endpoint Investigator only)

EnCase Endpoint Investigator can be used to create a “portable” collection USB. This device can then be mailed to wherever an employee is working for on-site collection. No EnCase knowledge is needed by the person performing the collection on-site.

For specific questions related to the use or configuration of your EnCase products as your organization maintains work-from-home policies, please email us at EnCaseWFHsupport@opentext.com. For more information on the tips covered above, check out the relevant user guides here.

Share this post

Share this post to x. Share to linkedin. Mail to
Anthony Di Bello avatar image

Anthony Di Bello

Anthony Di Bello serves as VP, Strategic Development for OpenText. A 13-year veteran of the cybersecurity and digital forensic incident response sector, he leads strategic planning and direction for cybersecurity solutions. Anthony joined OpenText with the Acquisition of Guidance software where he spent the previous 12 years, as Sr. Director of Products responsible for the voice of the customer, product roadmaps and go-to-market strategy across Guidance Software forensic security, data risk management and digital investigations products.

See all posts

More from the author

JBS Ransomware attack highlights need for early detection and rapid response

JBS Ransomware attack highlights need for early detection and rapid response

Over the past couple of months cyber-criminals have targeted organizations critical to our supply chain. The most recent of these attacks was against JBS, the…

June 9, 2021 4 minutes read
The three problems OpenText Security will be talking about at RSA

The three problems OpenText Security will be talking about at RSA

RSA 2019 is right around the corner. The most exciting security conference of the year – apart from OpenText™ Enfuse of course – RSA is a…

February 28, 2019 4 minutes read
Continuous monitoring and advanced threat detection for the global enterprise

Continuous monitoring and advanced threat detection for the global enterprise

Information Security Continuous Monitoring (ISCM) projects can be expensive, data and network intensive implementations which often end in frustration for global organizations. Common approaches to…

November 13, 2018 3 minutes read

Stay in the loop!

Get our most popular content delivered monthly to your inbox.