How to optimize EnCase for a work-from-home workforce

Overcome common challenges and fully leverage EnCase Endpoint Investigator, EnCase eDiscovery and EnCase Endpoint Security

The current global situation has necessitated home-working by many millions of employees, but in the legal and law-enforcement world, there is still a requirement to investigate, respond to eDiscovery requests or maintain a secure environment with rapid incident response capabilities.

We introduced flexible deployment options for our OpenText™ EnCase™ solutions a number of years ago, and while the best practice for remote workers is a persistent connection to a VPN, we know this will not always be possible. And so, to help home-based employees to stay productive, following are some tips to help you overcome common “work-from-home” challenges and fully leverage OpenText™ EnCase™ Endpoint Investigator, OpenText™ EnCase™ eDiscovery and OpenText™ EnCase™ Endpoint Security.


The Enhanced Agent

EnCase Endpoint Investigator, EnCase eDiscovery and EnCase Endpoint Security all support Enhanced Agent functionality critical to extending capabilities out to a remote workforce. If you have yet to configure the Enhanced Agent for use in your environment, now is the time to ensure the functionality is enabled and deployed.

The Enhanced Agent is designed to perform operations local to the employee system, pushing back results whenever VPN connection is re-established. For EnCase Endpoint Investigator and EnCase eDiscovery, this means confidently conducting investigations and performing eDiscovery collections. For EnCase Endpoint Security, this means persistent real-time threat detection on and off the network.

To assist in managing bandwidth constraints, the Enhanced Agent does not require an all-or-nothing approach. If you are only interested in critical devices/employees, you can restrict the use of the Enhanced Agent to meet those needs.

Sometimes it’s not practical to wait for VPN connectivity to receive results. In that case, all you need is a cloud-based repository with a public-facing UNC path and EnCase can be configured to point to that path for data transmission.

The Check-in Agent (EnCase Endpoint Investigator only)

As an alternative to the Enhanced Agent approach, EnCase Endpoint Investigator supports a feature known as “Check-in Agent” where the standard Passive Agent can be configured to ‘check-in’ upon a VPN connection for specific operations such as Sweep Enterprise, Snapshot and File Processor jobs. Alternatively, a SAFE can be set up in the DMZ for check-in functionality, and the Snapshot job can even be set to run continuously with this option.

While job validation is not supported for Check-in agent-based jobs – if a device disconnects the job is simply marked as “completed” – many customers feel having this option is better than no ability at all. Therefore, we recommend this option only if the Enhanced Agent approach is not one you are able to take.

Unlimited Components

As a customer of EnCase Endpoint Investigator, EnCase eDiscovery, or EnCase Endpoint Security you are entitled to ‘all-you-can-eat’ software components allowing you to scale out operations to cover all situations, and ensuring that your  EnCase architecture is set up in an optimal way to overcome bandwidth, resource or geographical constraints.

EnCase Portable devices (EnCase Endpoint Investigator only)

EnCase Endpoint Investigator can be used to create a “portable” collection USB. This device can then be mailed to wherever an employee is working for on-site collection. No EnCase knowledge is needed by the person performing the collection on-site.

For specific questions related to the use or configuration of your EnCase products as your organization maintains work-from-home policies, please email us at For more information on the tips covered above, check out the relevant user guides here.

Anthony Di Bello

Anthony Di Bello serves as VP, Strategic Development for OpenText. A 13-year veteran of the cybersecurity and digital forensic incident response sector, he leads strategic planning and direction for cybersecurity solutions. Anthony joined OpenText with the Acquisition of Guidance software where he spent the previous 12 years, as Sr. Director of Products responsible for the voice of the customer, product roadmaps and go-to-market strategy across Guidance Software forensic security, data risk management and digital investigations products.

Related Posts

Back to top button