EnCase Forensic 7.09: iOS Investigations Out of the Box

Ken Mizota

Most investigators are familiar with the capabilities of EnCase® Forensic as a tool for investigation of desktops, servers, and hard drives, but did you know that ever since EnCase Forensic v7 was introduced, it has provided support for smartphone operating systems out-of-the-box? In Version 7.09, the latest release, EnCase improves smartphone acquisition, analysis and reporting capabilities by adding support for iOS 7 devices.

As you likely know, the mobile device market is dominated by iOS and Android devices. Over 90 percent of the world's smartphone users have an Apple- or Google-powered device. However, even within the majority, there are multiple factors that investigators like you must consider and ultimately deal with, including:

A Treasure Trove of EnCase Version 7 Resources to Help You Make the Transition

Ken Mizota

Not long ago I was at the annual HTCIA conference in Summerlin, Nevada, where I enjoyed having the chance to meet with a number of customers—everyone from recently trained to highly expert investigators. Many of them were proficient in EnCase® Version 6 and wanted to build their EnCase Version 7 skills, but didn’t know where to begin.

If you’ve been wanting to make the transition to EnCase Version 7, but can’t take a trip to an official training center right now, I want you to know about some invaluable resources that can help get you up to speed. Most are free, with a handful of paid online courses at the end.

Version 7 Tech Tip #2: Processing Multiple Cases Serially from a Single Workstation

Jasper Rowe

Did you know you can use a single instance of EnCase® to queue jobs from different cases? 

In previous versions, it was possible to process multiple cases simultaneously using multiple sessions of EnCase. Even though the licensing allowed for this, the processing itself would have had to rely on shared resources. 

Version 7 Tech Tip #1: Matching Parent E-Mails with Attachments in Searches

James Gagen

This is the first in a series of brief, but frequently asked questions and answers about working with EnCase® Forensic Version 7. We hope they save you time and help you close cases faster.

One of the questions we are often asked in Technical Services about working with e-mail searches is, "When I find a relevant e-mail attachment, how can I find the e-mail that the attachment belongs to?" Searching in e-mail may result in keywords being found in both e-mails and attachments. This is how to locate the e-mail to which the attachment belongs:

Using Belkasoft Evidence Center in EnCase Forensic Version 7

Robert Bond

I’d like to introduce you to a new tool that expands the data-extraction capabilities of EnCase® Forensic. Belkasoft Evidence Center makes it easy for investigators to search computer hard drives, disk images, and snapshots of a computer's volatile memory for many types of digital evidence.
This volatile evidence includes conversations made in social networks and can quickly locate chats carried over a variety of instant messengers. Analysis of the suspect’s online behavior can be done by investigating the browsing histories of all major Web browsers, the mailboxes of popular email clients, peer-to-peer data, and multi-player game chats.