I’ve recently taken to tweeting about some of the latest additions to EnCase App Central and it’s been a reminder of the impressive ingenuity and dedication within the digital investigations community. Our humble app store has grown to house over 100 solutions, extending and increasing the efficiency and efficacy of digital investigations. At Guidance Software, we take pride in shipping software that helps investigators find more evidence, faster and we see EnCase App Central as a key component of EnCase.
There is truly no one tool or organization that can claim to address the diverse needs of today’s digital investigators. There are just too many artifacts, spread across too many devices and more are presented every day. As a product manager at Guidance Software I can safely say: there are not enough engineers in any one company to put the best tools in front of investigators. However, through EnCase App Central, we think investigators have a fighting chance, and we think investigators should take this into account when investing their time in a toolset. We aim to provide two things:
Comprehensiveness: Extend the power of your EnCase investment with timely, sophisticated analysis.
- Do you need to parse SMS messages from a Nokia Lumia 610 chipoff image?
- Would you like to perform live memory analysis using the Volatility Framework within EnCase?
- Shouldn’t you be able to search analysis results from EnCase, Magnet Forensics IEF and Belkasoft Evidence Center in one place?
Apps to help you search and explore your case
Keyword Search with Range Bookmarking: A common request in many an investigation: Perform raw keyword search and bookmark a specified number bytes on either side of the hit.
Categorize File Extensions & Bookmark Them: Define criteria and then automatically bookmark resulting files into sub-folders by file type. This app does the heavy lifting of sorting and categorizing, allowing you to review and connect the dots in the case.
Export by Extension: Export all files that match a list of extensions entered. Simple. Time-saving.
Create Result Sets for Hash Categories: Create Result Sets containing items that match each of the hash categories in your case. Get to the review stage of your investigation faster.
Create Result Set Excluding Unwanted Items: Take a hash library with a “Known” category and quickly create a Result Set containing just what you want, and explicitly exclude items you do not by file path, file type, file extension and more.
Search and Bookmark Specific Data Types: Search for one or more keywords and bookmark with a specific data-type encoding (picture, ROT13, low ASCII, etc.).
CompoundFileMounter: Mounts compound files in bulk, so they may be searched more easily by Evidence Processor.
Apps for malware investigations
Team Cymru Malware Hash Registry Search: Query the Team Cymru Malware Hash Registry directly from your case.
Md5MalwareDbCheck: Save your fingers from monotonous copy/paste operations between one tool and another. Check for malicious files on VirusTotal.com or ThreatExpert.com, querying directly from your case in EnCase.
Low Hanging Fruit: Correlate unique hashes in EnCase against external hash libraries, to help efficiently identify potentially malicious files.
VirusShare.com Hash Library: A repository of malware samples, built in the EnCase Hash Library format. The latest version includes 0 through 119 torrents.
C-TAK (Cyber-Threat Analytics Knowledgebase): WetStone’s fully integrated threat identification app provides the know-how of WetStone, unleashed on your case to identify potentially malicious files.
Volatility Reporting Plugin: Memory analysis tools, launched from and integrated into EnCase. The latest update from John Lukach incorporates user feedback to deliver even more efficiency to malware investigations.
MemoryAnalysis: Automated memory analysis for Windows, OS X and Linux RAM images.
In my next post, I’ll focus on Apps to parse and analyze evidence as well as apps to help you manage your investigation.
If you have questions, would like to learn more, or have ideas for apps you’d like to see, feel free to start the discussion below.
No comments :
Post a Comment