Unbiased Testing Confirms: EnCase® Forensic is Fastest

Ken Mizota, Product Manager, Forensic Solutions

Well, that didn’t take long.

A genuine, independent third party, Digital Intelligence, a company recognized and respected in the forensic community and a reseller of forensic-specific solutions, including EnCase® Forensic and AccessData’s Forensic Toolkit (FTK) software, recently published the results of its testing of both FTK and EnCase Forensic.

The Road to CEIC 2013: EnCase in Action!

Jessica Bair

The “Road to CEIC 2013” is a series of blog posts on all things CEIC, before, during, and after, from an insider’s point of view.

The final agenda for @CEIC_Conf #CEIC was just released. Some breaking news: Guidance Software will unveil and describe in-depth EnCase® Analytics, our new security intelligence product employing big data analytics. EnCase Analytics empowers customers to find and expose cyber-threats hiding behind complex relationships in the wealth of data that exists within the sum of all endpoints of an enterprise. Presentations and demonstrations about EnCase Analytics will be available throughout the conference. I have been looking forward to this big announcement for months, and I will be creating the EnCase OnDemand training for EnCase Analytics this summer.

Numbers May Not Lie, But The AccessData Report Is Far From The Truth

Ken Mizota, Product Manager, Forensic Solutions

A little over a year ago, back in March 2012, in a previous EnCase Forensic blog post, “A Development Perspective,” we discussed the improvements that we had made to EnCase, including evidence processing speeds and the comprehensiveness of the indexed results. Now, AccessData, after waiting over a year, has conducted testing at its facilities on its equipment (nominally conducted by an “independent” third party, Opus One), and has issued a report (the “AccessData Report”) which I’ll address in detail, below. The AccessData public relations campaign over the last few weeks calls to mind the famous quote from Mark Twain:

The Road to CEIC 2013 – Digital Forensic Lab Focuses on Automation

Jessica Bair

The “Road to CEIC 2013” is a series of blog posts on all things CEIC, before, during, and after, from an insider’s point of view.

For each release of EnCase®, I re-write the free EnCase Essentials course manual, a resource for getting started with EnCase® products. The past few weeks, I’ve had the opportunity to alpha and beta test the upcoming EnCase® Forensic v7.07 software while working on the manual update. As part of the beta testing, I have had the chance to work with the development team and Ken Mizota, product manager, who is dedicated to making EnCase Forensic more efficient and easier to use, and to incorporating new forensic features.

Feature Spotlight: Direct Network Preview

Guidance Software

EnCase Version 7.06 introduces a new built-in ability to perform remote forensics. If you are unfamiliar with the term “remote forensics,” take a moment to review the Gartner Remote Forensics Report for 2012. EnCase Forensic Version 7.06 brings remote forensics to the standard in digital investigations, and enables forensically sound investigation of live devices. In this post, we’ll walk through how to perform a network preview, and we’ll discuss some of the key differences between remote investigation in EnCase Forensic and EnCase Enterprise.

Feature Spotlight: Embedding Hyperlinks in Exported Reports

Guidance Software

EnCase version 7.05 provides the ability to include hyperlinks to original documents and images in reports and offers updated report templates that display more metadata than ever before. View important metadata such as dates, times, physical sector information for unallocated items and hash values. Continue reading to learn how to include hyperlinks in your exported reports.

EnCase v6 to v7 CEIC Session Recap

Guidance Software



It is hard to believe CEIC 2012 was almost two months ago. Since CEIC we have been hard at work on EnCase; in fact, we recently released an update to v7, v7.04.1. If you did not receive the email notification about this release, you can request the software download links by registering your dongle. Look for another great update to v7 coming in the fall, v7.05.

Examining Volume Shadow Copies – The Easy Way!

Simon Key

INTRODUCTION

The Volume Shadow Copy Service (VSS) is a framework that allows volume-backups to be created while file system writes continue to take place.

Originally implemented in Windows XP and Windows Server 2003, VSS was expanded with Windows Vista, resulting in an additional Windows Explorer Previous Versions properties-sheet.

Using Volatility with EnCase

Mark Morgan

INTRODUCTION

Memory Analysis has come a long way and it is imperative that a good Incident Responder realize the valuable information that can be obtained in analyzing memory.

I have been conducting Incident Response investigations for a few years now and have always used Volatility as my tool of choice. I like it because, first off, it is open source, and I have found it to be very user friendly in identifying possible malware and being able to understand the results that are being retrieved from memory.

CEIC and EnCase Essentials v7 Training

Guidance Software

Last week at CEIC we ran four “Upgrading EnCase v6 to v7: Who Moved My Cheese?” sessions. The sessions were packed with EnCase v6 users who were looking to get past the obstacles that were preventing their full transition to v7. In total we presented to close to 200 attendees and had some really great discussion. By the end of the sessions I could see many of the attendees were ready to get going with v7.

During the process of walking the users through v7, I learned that quite a few of the folks in each session had yet to view the free EnCase Essentials Training. One of the reasons many had not taken advantage of this free training was that they did not have ready access to the internet at work. Even those who knew about the training were forced to view it during their off hours, when they were able to connect to the internet.

The first thing I did when I got to the office this week was ask our training department to create an offline version of the essentials training and they did. Now anyone that wants to get the basics of v7 can download this offline format of the EnCase Essentials Training and view the lessons anytime, anywhere. In addition, we also updated the companion EnCase Essentials Training Guide, incorporating the changes made in the latest release of EnCase, v7.04. Be sure to download these two files when you get a chance and keep them handy.

On a related note I am planning a v6 to v7 webinar series where we will cover many of the topics that were presented during the CEIC session. Look for more information about this webinar series soon.