Enhanced Windows Operating System Support
Version 7.06 supports Windows 8 and Server 2012 operating systems. This support allows you
to perform dead-box investigations and aids in the deployment of servlets to live-boxes. EnCase
Forensic also provides support for:

• Servlet for Windows 8 and Windows Server 2012
• Windows 8 artifact support:

　　　＊Registry parsing
       ＊System information parsing

• Windows 8 BitLocker
• Parsing Windows 7 Automatic Destinations (jump lists) and their link files
• Windows 7 thumbs.db parsing

Macintosh Operating System Enhancements
Macintosh Artifacts
Version 7.06 includes support for the following Macintosh artifacts:

• Displays all HFS+ file system compressed files as uncompressed
• Supports Finder information and extended file attributes
• Displays security Access Control Lists (ACLs)
• Improved support for OS X Trash items

Macintosh OS X and Installer
EnCase Forensic now supports Mac OS X 10.8. This update includes an enhanced Mac installer
that supports “launchd”, a unified, open-source service management framework for starting,
stopping, and managing daemons, applications, processes, and scripts.

Macintosh Logical Volumes
EnCase Forensic now supports logical volumes for Macintosh systems. When connecting to
systems via servlets, the servlet interacts with the operating system to address the volume.
Macintosh logical volumes can include single disks, RAIDs, and encrypted volumes.

Enhanced Tablet Support
EnCase Forensic Version 7.06 adds support for the following tablets:

• Google Nexus 7
• Acer Iconia Tab A500
• Samsung Galaxy Tab 2
• Kindle Fire HD (support for Lightspeed browser artifacts and social media)

Android OS and Device Acquisition Support
EnCase Forensic supports logical and physical acquisition of devices, including phones and
tablets, running Android OS Version 4, Ice Cream Sandwich, Version 4.1-2, and Jelly Bean.

Artifact support has been expanded to include the ability to process Android physical evidence
files (E01) and produce logical evidence files (L01) containing common smartphone categories:
contacts, messages, call logs, and calendars. The result is a byte-for-byte copy of the device data
partition and a navigable file/folder hierarchy.

EnCase Basic (原名EnCase Enterprise)
Guidance Software的EnCase方案提供一個企業調查架構，讓公司開展有效的數字調查，快速回應eDiscovery請求，並滿足其他大規模資料收集的需要。對於外部的攻擊採取積極的防禦行動，為公司節省時間、金錢並降低風險！

功能

• Reduce costs and improve efficiencies with a centralized digital investigation capability
• Increase confidence in findings by using the #1 solution for remote investigations
• Achieve compliance with regulatory investigation requirements
• Uncover potential evidence faster than ever using advance searching capabilities
• Improve efficiency by automating common investigation tasks
• Preserve evidence integrity with the court vetted EnCase® evidence file format
• Enable the foundation for digital investigation, incident response, and electronic data discovery

特色

Dependable Results
Investigators can be confident in their findings when using the proven, trusted, industry-leading forensic solution.

Powerful Search
Uncover critical evidence using advanced search capabilities to identify data that would be irretrievable with other computer forensic applications.

Automation
Improved efficiency by automating investigative tasks with EnScript®; the scripting extension built-into EnCase Enterprise.

Court Vetted
EnCase Enterprise preserves data in an evidence file format (LEF or E01) with an unsurpassed record of court acceptance.

EnCase eDiscovery
Version 5 is the latest release of EnCase® eDiscovery, the leading enterprise e-discovery solution that provides everything from legal-hold and collection to review and production, delivering potentially relevant electronically stored evidence (ESI) and results that are accurate, defensible, and repeatable. EnCase eDiscovery V5 includes several new features and enhancements to help you and your e-discovery team significantly lower costs, reduce risk, and swiftly gather more types of information in more languages and from more locations than before.

Key Features for Legal

Key Features for IT

EnCase Portable
EnCase Portable is a powerful solution, delivered on a USB device, that allows forensic professionals and non-experts to quickly and easily triage and collect vital data in a forensically sound and court-proven manner

Increase Your Reach
Extend the reach of your investigation, e-discovery, incident response, or IT teams without sending experts into the field. Based on the situation, EnCase® Portable can be used in Easy Mode for non-experts, or Advanced Mode to create and edit configurations in the field.

Forensically Sound Triage and Collection
Triage and collect while preserving metadata and maintaining evidence integrity. Collected data is preserved in the court-vetted EnCase® evidence file format; the most trusted format in the forensic community.

Fast, Powerful Triage
Instantly and easily view images, documents, and other digital evidence found on a target computer.

Customizable Collection Configuration
Use keywords, metadata, hash values, and other criteria to perform targeted collection, as well as full-disk imaging and memory acquisition.   

Dual Triage and Collection Modes
Live mode – collect memory from running computers
Boot mode – collect from computers that are turned off

EnCase® Risk Manager
主動識別，分類和修復敏感數據
旨在主動識別，分類和修復整個企業中的私人或敏感數據。我們的新解決方案提供自動修復功能，與系統無關，無論位於何處，都可以跨所有端點和數據存儲提供最深入的電子數據洞察和控制。這使組織能夠改善商業智能，確保合規性並減輕許多類型的風險。

EnCase® Endpoint Security
Earlier Detection, Faster Decisions and Unprecedented Threat Response.
OpenText™EnCase™Endpoint Security的取證檢測和響應功能。這種無代理和基於雲的技術通過簡化的部署實現了企業範圍的威脅評估，並具有經過驗證的可擴展性和靈活性。重要警報將傳遞給Endpoint Security，以提供同類最佳的自動響應功能。

早期檢測
更早檢測組織獨有的難以捉摸的風險、威脅和異常活動, 從而縮短了您的平均發現時間。

更快的決策
使用時間緊迫的終結點遙測, 您可以在安全事件發生時對其進行驗證或關閉, 消除丟失該重要警示的可能性, 並確保從安全投資中獲得持續回報。

Forensic-Grade 的回應
單一、靈活的平臺, 可提供自動和按需回應, 簡化工作流程, 並輕鬆將終結點恢復到受信任狀態。
 

EnCase® Endpoint Investigator
提供功能最強大且易於使用的遠程取證安全解決方案。

• 執行任何類型的內部或監管調查
• 從網絡外端點收集數據以保持調查的進行
• 謹慎地工作，不會中斷業務或提醒員工

EnCase® Mobile Investigator
EnCase Mobile Investigator augments the mobile acquisition capabilities of EnCase Forensic with the ability to intuitively view, analyze, and report on critical mobile evidence that is relevant to their case. With mobile-first workflows, in-depth evidence analysis, and flexible report generation, investigators can feel confident in their results.

EnCase Cybersecurity
EnCase Cybersecurity is the endpoint incident response and data auditing software solution designed to reduce costs and complexities associated with the incident response process and reduce the risk of exposing sensitive data to loss or theft.

EnCase Cybersecurity helps prioritize analysis of potentially infected systems, determine source and scope of an incident, identify potential data loss scenarios and minimize time to remediation.

When integrated with the alerting or event management solution of your choice, the power of EnCase Cybersecurity shines — the moment an alert or event is generated, real-time response automatically captures critical endpoint information before it has a chance to decay or disappear altogether — giving you the information you need to quickly and accurately determine what actually happened.

The EnCase Cybersecurity Advantage:

• From the initial investigation through triage to remediation, EnCase Cybersecurity fully addresses endpoint incident response and is the preferred solution for government agencies and leading financial, retail and entertainment organizations
• Integrates with any security event management or alerting system to enable automated, real-time response, allowing you to capture critical endpoint data the moment an alert is generated, even if it happens at 2 a.m.
• Built upon gold-standard EnCase Forensic technology, EnCase Cybersecurity exposes both unknown threats, artifacts related to an incident and sensitive data residing on endpoints, no matter how well hidden
• Backed by our incident response expert services that provide industry best practices, integration services, training and the industry recognized EnCE® certification