Working with EnScript and .NET/C#

Ken Mizota

The ability to manipulate and interpret data structures within evidence has long been a strength of EnCase. EnScript—a core EnCase technology—has enabled investigators and incident responders to be efficient, automating the most sophisticated or mind-numbingly rote techniques. For instance, take Simon Key's (@SimonDCKey) recent post on the OS X Quick Look Thumbnail Cache: the ability to mine, extract and work with critical data for your case is available now. This app, courtesy of Guidance Software Training, just happens to be free, enabling the DFIR community to take advantage. If you need to keep pace with the perpetually accelerating gap between data and the investigator’s ability to understand that data, having extensible, flexible tools in your kit is not optional.

CEIC 2014: The Car of the Future May be a Forensic Gold Mine

Move over KITT, it looks like you have some competition.

Automotive leaders like Chrysler, Ford, BMW and General Motors are investing in technology that incorporates text-to-voice solutions, enabling drivers to check email and text messages as they drive. With Ford SYNC, drivers can make hands-free phone calls, control their music and more with voice commands.

In his session on vehicle forensics at CEIC 2014, Berla Corporation CEO Ben LeMere discussed new and emerging technologies that are being adopted by automobile companies. These companies are now developing vehicles that create an experience to entertain and inform drivers and passengers while also facilitating voice and data communications on the road.

Evidence Encryption in the Post-TrueCrypt Era

Ken Mizota

In the news last week, the anonymous developers of TrueCrypt very publicly announced the discontinuation of TrueCrypt development, and declared TrueCrypt "not secure." The vagaries and abruptness of the announcement have caused a disturbance in the interweb at large. A search on "TrueCrypt" yields no less than 27,000 hits categorized as "News."

TrueCrypt has been a double-edged sword for digital investigators. On one edge, TrueCrypt's wide availability means it has been used to hide data from the eyes of investigators. Full disk, container, and hidden container encryption have created "game over" situations for investigators for years. Attendees of Guidance Software's Training courses learn about common uses of TrueCrypt and practical techniques to deal with them, including use of EnCase with tools like Passware.

On OpenSSL Security Advisory CVE-2014-0224

After the well-documented, highly publicized Heartbleed flaw in OpenSSL was made public, many of our customers reached out to Guidance Software to confirm whether our products were affected.  At that time, we confirmed: Guidance Software products do not use OpenSSL at all.

On June 5th, 2014, another OpenSSL vulnerability was published: CVE-2014-0224. Once again, Guidance Software confirms our products do not use OpenSSL and are therefore unaffected by the latest published vulnerability in OpenSSL.

Questions? Comments? Add below or reach out to us on Twitter @EnCase

Suzanne Widup: The 2014 Verizon DBIR, a New EnCase v7 Book, and a Two-Part Webinar Series

How do you define an EnCase expert? Having worked on over 400 forensic, e-discovery, and information security cases, Suzanne Widup fits our definition. President and founder of the Digital Forensic Association and a senior analyst on the Verizon RISK Team, she will be joining us at CEIC this month to present a session on “2014 Verizon Data Breach Investigations Report (DBIR) Lessons Learned”–the seventh Verizon DBIR report and the latest in a series released annually that many incident response and information security professionals look forward to reviewing each year.

The 2014 DBIR revealed, among many insights, that although cybercriminals can bypass an organization's security within days, it takes months before malware is detected. Guidance Software contributed to the DBIR and invited Verizon to present highlights of the report at CEIC.