Enhanced Windows Operating System Support
Version 7.06 supports Windows 8 and Server 2012 operating systems. This support allows you
to perform dead-box investigations and aids in the deployment of servlets to live-boxes. EnCase
Forensic also provides support for:

• Servlet for Windows 8 and Windows Server 2012
• Windows 8 artifact support:

　　　＊Registry parsing
       ＊System information parsing

• Windows 8 BitLocker
• Parsing Windows 7 Automatic Destinations (jump lists) and their link files
• Windows 7 thumbs.db parsing

Macintosh Operating System Enhancements
Macintosh Artifacts
Version 7.06 includes support for the following Macintosh artifacts:

• Displays all HFS+ file system compressed files as uncompressed
• Supports Finder information and extended file attributes
• Displays security Access Control Lists (ACLs)
• Improved support for OS X Trash items

Macintosh OS X and Installer
EnCase Forensic now supports Mac OS X 10.8. This update includes an enhanced Mac installer
that supports “launchd”, a unified, open-source service management framework for starting,
stopping, and managing daemons, applications, processes, and scripts.

Macintosh Logical Volumes
EnCase Forensic now supports logical volumes for Macintosh systems. When connecting to
systems via servlets, the servlet interacts with the operating system to address the volume.
Macintosh logical volumes can include single disks, RAIDs, and encrypted volumes.

Enhanced Tablet Support
EnCase Forensic Version 7.06 adds support for the following tablets:

• Google Nexus 7
• Acer Iconia Tab A500
• Samsung Galaxy Tab 2
• Kindle Fire HD (support for Lightspeed browser artifacts and social media)

Android OS and Device Acquisition Support
EnCase Forensic supports logical and physical acquisition of devices, including phones and
tablets, running Android OS Version 4, Ice Cream Sandwich, Version 4.1-2, and Jelly Bean.

Artifact support has been expanded to include the ability to process Android physical evidence
files (E01) and produce logical evidence files (L01) containing common smartphone categories:
contacts, messages, call logs, and calendars. The result is a byte-for-byte copy of the device data
partition and a navigable file/folder hierarchy.

Encryption Support
EnCase Forensic now supports the following encryption products:

EnCase Enterprise
Guidance Software的EnCase方案提供一個企業調查架構，讓公司開展有效的數字調查，快速回應eDiscovery請求，並滿足其他大規模資料收集的需要。對於外部的攻擊採取積極的防禦行動，為公司節省時間、金錢並降低風險！

功能

• Reduce costs and improve efficiencies with a centralized digital investigation capability
• Increase confidence in findings by using the #1 solution for remote investigations
• Achieve compliance with regulatory investigation requirements
• Uncover potential evidence faster than ever using advance searching capabilities
• Improve efficiency by automating common investigation tasks
• Preserve evidence integrity with the court vetted EnCase® evidence file format
• Enable the foundation for digital investigation, incident response, and electronic data discovery

特色

Dependable Results
Investigators can be confident in their findings when using the proven, trusted, industry-leading forensic solution.

Powerful Search
Uncover critical evidence using advanced search capabilities to identify data that would be irretrievable with other computer forensic applications.

Automation
Improved efficiency by automating investigative tasks with EnScript®; the scripting extension built-into EnCase Enterprise.

Court Vetted
EnCase Enterprise preserves data in an evidence file format (LEF or E01) with an unsurpassed record of court acceptance.

EnCase eDiscovery
Version 5 is the latest release of EnCase® eDiscovery, the leading enterprise e-discovery solution that provides everything from legal-hold and collection to review and production, delivering potentially relevant electronically stored evidence (ESI) and results that are accurate, defensible, and repeatable. EnCase eDiscovery V5 includes several new features and enhancements to help you and your e-discovery team significantly lower costs, reduce risk, and swiftly gather more types of information in more languages and from more locations than before.

Key Features for Legal

Key Features for IT

EnCase Cybersecurity
EnCase Cybersecurity is the endpoint incident response and data auditing software solution designed to reduce costs and complexities associated with the incident response process and reduce the risk of exposing sensitive data to loss or theft.

EnCase Cybersecurity helps prioritize analysis of potentially infected systems, determine source and scope of an incident, identify potential data loss scenarios and minimize time to remediation.

When integrated with the alerting or event management solution of your choice, the power of EnCase Cybersecurity shines — the moment an alert or event is generated, real-time response automatically captures critical endpoint information before it has a chance to decay or disappear altogether — giving you the information you need to quickly and accurately determine what actually happened.

The EnCase Cybersecurity Advantage:

• From the initial investigation through triage to remediation, EnCase Cybersecurity fully addresses endpoint incident response and is the preferred solution for government agencies and leading financial, retail and entertainment organizations
• Integrates with any security event management or alerting system to enable automated, real-time response, allowing you to capture critical endpoint data the moment an alert is generated, even if it happens at 2 a.m.
• Built upon gold-standard EnCase Forensic technology, EnCase Cybersecurity exposes both unknown threats, artifacts related to an incident and sensitive data residing on endpoints, no matter how well hidden
• Backed by our incident response expert services that provide industry best practices, integration services, training and the industry recognized EnCE® certification

EnCase Portable
EnCase Portable is a powerful solution, delivered on a USB device, that allows forensic professionals and non-experts to quickly and easily triage and collect vital data in a forensically sound and court-proven manner

Increase Your Reach
Extend the reach of your investigation, e-discovery, incident response, or IT teams without sending experts into the field. Based on the situation, EnCase® Portable can be used in Easy Mode for non-experts, or Advanced Mode to create and edit configurations in the field.

Forensically Sound Triage and Collection
Triage and collect while preserving metadata and maintaining evidence integrity. Collected data is preserved in the court-vetted EnCase® evidence file format; the most trusted format in the forensic community.

Fast, Powerful Triage
Instantly and easily view images, documents, and other digital evidence found on a target computer.

Customizable Collection Configuration
Use keywords, metadata, hash values, and other criteria to perform targeted collection, as well as full-disk imaging and memory acquisition.   

Dual Triage and Collection Modes
Live mode – collect memory from running computers
Boot mode – collect from computers that are turned off