July 21, 2005
- Ease of Use:
- Value for Money:
- Overall Rating:
Massive feature set and active user community.
Complex with a steep learning curve.
Still way out ahead of the pack.
Guidance Software's EnCase product is the undisputed heavyweight of the forensic software market, and version 5.0 introduces a slew of new features that will keep its opposition firmly on the ropes.
The most immediate change is the improved GUI. Menus have been rearranged and some panes improved. It took a little time to get used to the new arrangement, but it definitely felt faster and more polished to use, and all our acquisition and analysis tasks were accomplished with ease.
Other new features include much better support for decoding web caches from many different web browsers, reading common mailbox formats and acquiring data from live Linux systems. EnCase already supported the broadest set of file systems in the industry, but now it can read TiVos too and, more practically, resolve symbolic links in Unix file systems.
The complexity of the software is considerable. Because of its vast armory of tools, getting to grips with the product is no mean feat. You really do need Guidance's excellent training. Going off half-cocked would be dangerous, as defense attorneys are also familiar with the product now and will attack any perceived flaw in its use.
A major advantage of EnCase is not a software feature at all, but its active user community who contribute scripts, assist fellow forensic examiners with problems and discuss best practice in user forums. In any market space, this can be a decisive factor in setting the leaders apart from the rest of the field, and Guidance has done well in fostering this community.
Widely used by forensic investigators in police forces and the private sector, EnCase could suffer from its own popularity. Just as exploit writers aim at widely-used targets, criminals seeking to hide data might hope to fox most investigations simply by ensuring they do so in a manner EnCase cannot currently handle – we were able to hide data by manipulating file headers in an unexpected way.
Guidance controls its licensing with an iron hand, so the criminal community would hopefully not have this degree of access, but that is no guarantee.
Overall, we can find no fault with EnCase. Previous versions have performed solidly, and version 5.0 is a worthy upgrade.