EnCase and Python – Automating Windows Phone 8 Analysis

James Habben

Roll Call

You may have read my introductory post about using Python scripts with encase. You may have also read my part 2 follow-up, which put a GUI on top of Didier Stevens’ pdf-parser. Did you also read Kevin Breen’s post? He wrote about using EnScript to call out to David Kovar’s analyzemft script using EnScript. Then Chip wrote a post about sending data out to get parsed by parser-usnjrnl.

EnCase and NetClean Collaborate to Increase Investigator Efficiency

Johann Hofmann

We started working with Guidance Software in the USA and spoke to the company’s Product Manager Ken Mizota about how this made customers much more efficient.

”After looking at the capability of NetClean Analyze, we became very interested in working closely with NetClean. By allowing our tools to work together, we will be giving our customers valuable assistance,” says Mizota.

Guidance Software’s EnCase® tool is used for collecting, processing and analyzing forensic data. Because it’s an open platform, the company works with multiple suppliers of complementary products that use data from EnCase. But a software application that analyzes and categorizes images in as sophisticated a way as NetClean Analyze does is extremely valuable, he says.

”We’re seeing that it really solves problems for criminal investigators. They gain in efficiency and save time, which they really appreciate.”

Guidance Software’s customers typically use a large number of tools in their investigations, so it’s important that they are interoperable.

”Our aim is to make our customers’ lives easier, and without tools like NetClean Analyze and EnCase, investigators are not able to efficiently analyze and categorize the large volumes involved. They need the right tools for the job.”

Ken Mizota envisages several other applications for Analyze in the future.

”The great thing about NetClean Analyze is that it can also be used in other types of investigations involving images, which represent an increasingly important component.”

As examples, he mentions harassment cases or employee misuse of corporate resources for collecting pornographic images.

to NetClean Analyze Product Manager Johann Hofmann, the main benefit of the alliance is that the forensic community now stands to gain a more seamless workflow between IT forensics and investigations of still and video images.

”We have a whole lot to learn from Guidance Software, which has been regarded as the gold standard in IT forensics for years. And with NetClean Analyze now emergent as the leader in technology for processing still and video images, we will be building a standard together.”

Guidance Software’s EnCase solution is used for digital investigations conducted by corporations and law-enforcement organizations worldwide. A total of 40,000 licenses are in use by corporate customers such as Symantec, General Electric, Coca-Cola and Pfizer, and the EnCase servlet is estimated to be deployed on over 20 million endpoints worldwide.