Acquire from Almost Anywhere
Acquire data from disk or RAM, documents, images, e-mail, webmail, Internet artifacts, Web history and cache, HTML page reconstruction, chat sessions, compressed files, backup files, encrypted files, RAIDs, workstations, servers, and with Version 7: smartphones and tablets.

Forensically Sound Acquisition
EnCase® Forensic produces an exact binary duplicate of the original drive or media, then verifies it by generating MD5 hash values for related image files and assigning CRC values to the data. These checks and balances reveal when evidence has been tampered with or altered, helping to keep all digital evidence forensically sound for use in court proceedings or internal investigations.

Advanced Analysis
Recover files and partitions, detect deleted files by parsing event logs, file signature analysis, and hash analysis, even within compounded files or unallocated disk space.

Improved Productivity
Examiners can preview results while data is being acquired. Once the image files are created, examiners can search and analyze multiple drives or media simultaneously.

Automated de-NISTing Capabilities
The National Software Reference Library (NSRL) is provided in the EnCase hash library format, allowing user to easily de-NIST their evidence, eliminating thousands of known files from their evidence set. This reduces the time and amount of data that needs to be analyzed significantly.

Multiple File Viewer Support
View hundreds of file formats in native form, built-in Registry viewer, integrated photo viewer, see results on a timeline/calendar.

Customizable and Extensible with EnScript®
EnCase® Forensic features EnScript® programming capabilities. EnScript®, an object-oriented programming language similar to Java or C++, allows users create to custom programs to help them automate time-consuming investigative tasks, such as searching and analyzing specific document types or other labor-intensive processes and procedures. This power can be harnessed by any level of investigator the “Case Developer” or one of the numerous built-in filters.

Automatic Reports
Export reports with lists of all files and folders along with detailed list of URLs, with dates and time of visits. Provide hard drive information and details related to the acquisition, drive geometry, folder structure, etc.

Actionable Data
Once investigators have identified relevant evidence, they can create a comprehensive report for presentation in court, to management or stakeholders in the outcome of the investigation.

Integration to Passware Kit Forensic
Use the Evidence Processor to automate the detection of encrypted files. Once the files are decrypted by Passware Kit Forensic* they can be easily integrated back into EnCase Forensic for further analysis.
*Passware Kit Forensic license sold separately. Contact Sales for more information.

• Enhanced and simplified workflow
• Centralized hold management
• All-in-one legal hold creation
• Global legal-hold reminders
• Personalized custodian dashboard
• More flexible reporting

• Lower risk
• Easier custodian process management
• Greater efficiency
• More reports in more formats

• One-click upload of data collected in EnCase eDiscovery to CaseCentral Review
• Automated uploads to the secure hosted review platform
• Move subsets to review as needed
• Includes metadata and other subjective fields (tags) for each item

• Faster collaborative review
• Reduced time to ECA
• Greater contributions by non-technical and non-legal team members
• More complete collection of more types of data

• Improved Unicode support enables the following for data in all known foreign languages:

• Cast a wider net for faster and more complete collection

• Centralized examiner management is implemented as a true Windows service

• Enables examiners to more quickly resume work from the point of interruption in case of system issues

• Indexing
• Searching
• Displaying

• Able to handle global data sets with one solution

• Amazon S3
• IBM Connections
• Lotus Quickr

• Collect from more sources more easily

• More methods associated with custodians and cyber security investigations are exposed in the web API

• Gives you greater flexibility to create custom workflows

• Data is now indexed by individual field, including Microsoft Office 2007 metadata fields

• Search for a data value within a specific metadata field in Microsoft Office 2007

• E01 and L01 evidence formats are now available in encrypted versions as Ex01 and Lx01

• Read and work with encrypted evidence

• Streamlined workflow for collecting, processing, and delivering data

• Greater efficiency and lower costs of legal-hold processes
• Higher productivity for even non-technical and non-legal team members