As technology evolves, so do the challenges of digital forensic investigation. Whether in the field or the lab, digital forensic examiners need to overcome investigation roadblocks like OS updates, encryption, new file types, acquisition from the cloud, and more. OpenText ™ EnCase™ Forensic, the industry’s leading digital forensic solution, is more than up to the task.
Take digital investigation to the next level with new features of version 8.08
With Encase Forensic 8.08, you can now acquire evidence from cloud and on-premises services. Additionally, EnCase Forensic now supports the acquisition of evidence from:
- Microsoft® Office 365®
- Microsoft® Exchange
- Microsoft® SharePoint®
This latest release enables investigators to acquire evidence from any mailbox in their domain with cloud and on-premise collection for Microsoft® Office 365®. Investigators can initiate collection from cloud or on-premise services and then continue working on other aspects of the case while EnCase works in the background to collect the information and drop the evidence directly into the case as a LX01/L01 file, all while preserving the forensic integrity of the evidence.
Support for Symantec Endpoint encryption
EnCase Forensic now supports Symantec Endpoint Encryption v11.1.3 and v11.2.
Support for Dell Full Disk encryption
EnCase Forensic now supports Dell full disk encryption on 32-bit and 64-bit physical machines running Windows 8 or Windows 10. Dell introduced its Full disk encryption product about a year ago. OpenText is the first and only vendor to support this encryption.
Support for APFS Encryption
EnCase v8.08 includes support for APFS (Apple File System) and File Vault 2 encryption, building on EnCasev8.07 ability to mount and parse APFS volumes and support the APFS file format.
Support for Microsoft Edge internet artifacts
EnCase Forensic now supports Microsoft Edge. The following Microsoft Edge Internet artifacts are parsed:
- Bookmarks
- Cache
- Cookies
- Downloads
- History
- Page Settings
- Top Sites
- Web Notes
Mobile Acquisition Enhancements
The following enhancements and updates have been made for EnCase Mobile Acquisition:
- Additional Android devices are now supported via the new Android MTK Expert (physical) plugin. Physical acquisitions of devices can now be performed using the MTK chipset.
- Users can now parse Opera application data on Android devices. Investigators can analyze browsing history, bookmarks, and downloads.
- Parsing of Evernote application data on iOS devices has been improved. Users can now parse Evernote chat messages, contacts, and media attachments. Minor issues have been fixed.
- Binary files Date/Time properties are now acquired in date time format.
As a trusted partner for law enforcement, federal, and corporate examiners, EnCase Forensic is the gold-standard in modern digital investigations. Field-tested and courtroom-approved, EnCase Forensic encompasses powerful evidence processing and integrated investigation workflows with flexible reporting options, all while maintaining evidence integrity.
The EnCase evidence file format has been used to preserve digital evidence in thousands of cases and is cited in over 100 court opinions. No other solution offers the same level of functionality, flexibility, and track record of court-acceptance.
Learn more
To learn more, check out the excellent SANS review of EnCase Forensic 8, visit our product webpage, or talk to an EnCase Forensic Expert.
