EnCase Forensic – A Development Perspective

Ken Basore With the release of EnCase v7.03, I wanted to highlight for you a few things that we have been working on over the past several months. Since the release of Version 7, we have heard from many of you that the processing speeds were not acceptable. In addition, we have heard from some of you that there were elements of the new user interface that did not make it easy for you to work your cases the way you prefer. Well, we have listened carefully to all of this feedback, and our Development team has worked hard to make Version 7 easier to use and more robust than any other product, including our own Version 6. With EnCase v7.03, we concentrated on several key areas that were either of concern to our users or could advance the product in important ways.
  • Evidence Processor Performance
  • Support for Text Indexing in Slack and Unallocated Space
  • Compressed review of Search hits
  • Additional Artifacts including attached USB devices and mounted network shares
With respect to the first item, we looked at many different types of evidence and found certain areas where we could optimize how EnCase handles the vast amount of data that can be generated during processing. We changed how some data was stored, as well as how often EnCase reads from certain data files, and when we were done v7.03 processed the same evidence 2 – 3 times faster than v7.02. When you add in that EnCase now also indexes slack and unallocated space, the improvement is even more substantial, and users can now expect processing to complete much faster.

Read more »

Welcome to the EnCase Forensic Blog

Guidance Software

Today we are launching the EnCase Forensic blog.

You might say “why have another blog”, well I am glad you asked. First, while the EnCase Forensic product page has lots of great information about the product, it’s really not conducive to carrying on a conversation with the forensic community. On top of that, we wanted a place where we could talk about EnCase in a much more flexible environment. So this is how the EnCase Forensic blog was born. There will be a number of different topics discussed in this blog, from product releases announcements and future development plans to detailed “How-to” posts, highlighting how best to use a feature in version 7.

If you have suggestions for topics please feel free to drop me an line. Enough about the blog, let's get on with the show. Enjoy!