What's the EnCase Processor?

Guidance Software Last week I sat in on an EnCase® Computer Forensics I class held here in our Pasadena Training Center.

It was a great class, nice mix of students from law enforcement, corporate, and consulting organizations. As the class began the lessons on the Evidence Processor, the instructor asked the students if they had ordered their free EnCase Processor yet and to my surprise more than one student asked "What's the EnCase Processor?"

Seeing this firsthand I thought I'd better take a couple of minutes and explain the new EnCase Processor product and let you know how you can order yours today. All EnCase Forensic v7 licenses now include an EnCase Processor dongle so if you purchased v7 in after v7.03 was released you probably already have your EnCase Processor dongle. If you purchased EnCase Forensic v7 before v7.03 was released you just need to fill out a short form to get your free dongle, but I am getting ahead of myself. Back to the task at hand, explaining the new EnCase Processor product.

The EnCase Processor is a standalone evidence processor designed to allow forensic examiners to offload the acquisition and processing of evidence to another computer, freeing up their forensic workstation for casework. Since EnCase Forensic v7 includes an evidence processor already, now you are essentially doubling your processing capacity. The capabilities of the EnCase Processor are the same as the evidence processor in v7 with one additional capability; smartphone acquisition and reporting.

To read about what you can do with the EnCase Processor download the EnCase Forensic v7 Essentials Manual. The manual is full of great information, including details about the different tasks you can automate with the EnCase Processor. As I mentioned, to order your free EnCase Processor take a couple of minutes and fill out the EnCase Processor order form. All you need to have is the physical address you want the dongle shipped and your EnCase Forensic dongle ID. To make it easier, if you have several EnCase Forensic dongles you can fill out the form once and enter all the dongle IDs together, providing you want the Processor dongles shipped to the same address.

Be sure to keep your eye out on this blog for more information about the processor as well as the other new features of EnCase Forensic v7. As always, any questions or comments please let me know.

EnCase Forensic – A Development Perspective

Ken Basore With the release of EnCase v7.03, I wanted to highlight for you a few things that we have been working on over the past several months. Since the release of Version 7, we have heard from many of you that the processing speeds were not acceptable. In addition, we have heard from some of you that there were elements of the new user interface that did not make it easy for you to work your cases the way you prefer. Well, we have listened carefully to all of this feedback, and our Development team has worked hard to make Version 7 easier to use and more robust than any other product, including our own Version 6. With EnCase v7.03, we concentrated on several key areas that were either of concern to our users or could advance the product in important ways.
  • Evidence Processor Performance
  • Support for Text Indexing in Slack and Unallocated Space
  • Compressed review of Search hits
  • Additional Artifacts including attached USB devices and mounted network shares
With respect to the first item, we looked at many different types of evidence and found certain areas where we could optimize how EnCase handles the vast amount of data that can be generated during processing. We changed how some data was stored, as well as how often EnCase reads from certain data files, and when we were done v7.03 processed the same evidence 2 – 3 times faster than v7.02. When you add in that EnCase now also indexes slack and unallocated space, the improvement is even more substantial, and users can now expect processing to complete much faster.

Read more »

Welcome to the EnCase Forensic Blog

Guidance Software

Today we are launching the EnCase Forensic blog.

You might say “why have another blog”, well I am glad you asked. First, while the EnCase Forensic product page has lots of great information about the product, it’s really not conducive to carrying on a conversation with the forensic community. On top of that, we wanted a place where we could talk about EnCase in a much more flexible environment. So this is how the EnCase Forensic blog was born. There will be a number of different topics discussed in this blog, from product releases announcements and future development plans to detailed “How-to” posts, highlighting how best to use a feature in version 7.

If you have suggestions for topics please feel free to drop me an line. Enough about the blog, let's get on with the show. Enjoy!