EnCase Forensic Edition
August 31, 2004
- Ease of Use:
- Value for Money:
- Overall Rating:
This is a tried and tested product with a wealth of experience behind it.
It lacks context-sensitive or online help.
With a large following and numerous third-party extensions, this is still the front runner.
EnCase is widely seen as the yardstick against which to measure other forensic software. It continues to develop, and version 4.19 brings new and improved features.
The new Physical Disk Emulator (PDE) module allows an image from a disk drive or CD-Rom to be mounted as if it was a local disk and examined using Windows Explorer. This feature has a number of possible applications, and is particularly useful for scanning a drive with programs that do not integrate with EnCase, but do integrate with Windows Explorer.
Virus scanners and viewers such as QuickView Plus, as well as standard Windows applications, can be used without compromising the data or the forensic system.
The EnCase Decryption Suite works on Microsoft's Encrypting File System (EFS), Outlook archive files and the Windows Registry to retrieve encrypted data.
Access to Outlook Express files has been improved, and includes automatic examination of deleted emails. The EnScript language has been extended with support for arrays, inheritance and virtual functions, and a number of existing scripts and filters have been updated with new functionality.
Installation was simple, although this system also requires a dongle before it will run in anything other than "acquisition mode."
This ties in with the licensing system, allowing data collection to be run on several machines while the forensic examination is carried out on another system equipped with the full software. This allows less skilled staff to be used in the field, while those with the forensic expertise conduct the investigations back at base.
Although there are some minor inconsistencies and omissions in the documentation, it is of a generally high standard and plentiful.
EnCase enjoys considerable third-party support in the shape of file viewers, password crackers, and mail viewers, among others, that help to extend its range and capabilities to provide a comprehensive forensic system.
SC Webcasts UK
Information Security Manager
Infosec People - Hammersmith, West London
Senior Network Security Engineer, London, £68-85k + package
Infosec People - England, London
Information Security Risk Manager, £45-55k + bens
Infosec People - West Midlands, England, Coventry
SOC Analyst, Aldershot, £55-63k + benefits
Infosec People - England, Aldershot, Hampshire
Security Architect, Cardiff - to £70k Basic
Infosec People - Cardiff, Wales
Sign up to our newsletters
SC Magazine UK Articles
- Gooligan ad fraud malware infects 1.3M Android users, installs over 2M unwanted apps
- Met Police grab suspect with phone unlocked to get hold of data
- Cyber-security must reflect risk not just regulation
- Data centres are on the move - where will they end up?
- The information security implications of M&A deals
- SC Awards Europe 2016 winners announcements!
- ISIS radicalises 'lone wolves' through strong social media presence
- Updated: How will Brexit affect the cyber-security industry in UK and Europe?
- 9.2 million medical records for sale on darkweb
- Microsoft Office 365 hit with massive Cerber ransomware attack, report
- Is BYOD your company's norm? Beware the ghosts of data past this Christmas
- Over 400,000 phishing sites have been detected each month in 2016
- TalkTalk customers urged to get routers swapped over hacker fears
- Report: Mirai 'is just the tip of the iceberg'
- Avalanche takedown involved searches in 40 countries