From the simplest requirements to the most complex, EnCase® Forensic is the premier computer forensic application on the market. It gives investigators the ability to image a drive and preserve it in a forensic manner using the EnCase evidence file format (LEF or E01), a digital evidence container vetted by courts worldwide.
EnCase Forensic also contains a full suite of analysis, bookmarking and reporting features. Guidance Software and third party vendors provide support for expanded capabilities to ensure that forensic examiners have the most comprehensive set of utilities.
EnCase® Forensic, the industry-standard computer investigation solution, is for forensic practitioners who need to conduct efficient, forensically sounds data collection and investigations using a repeatable and defensible process. The proven, powerful, and trusted EnCase® Forensic solution, lets examiners acquire data from a wide variety of devices, unearth potential evidence with disk level forensic analysis, and craft comprehensive reports on their findings, all while maintaining the integrity of their evidence.
Investigators can be confident in their findings when using the proven, trusted, industry-leading forensic solution.
Uncover critical evidence using advanced search capabilities to identify data that would be irretrievable with other computer forensic applications.
Improved efficiency by automating investigative tasks with EnScript®; the scripting extension built-into EnCase® Forensic.
EnCase Forensic preserves data in an evidence file format (LEF or E01) with an unsurpassed record of court acceptance.
The powerful and effective features of EnCase® Forensic have made it the trusted standard in corporate and criminal investigation. No other product offers the same degree of functionality, acceptance, and performance.
Acquire data from disk or RAM, documents, images, e-mail, webmail, Internet artifacts, Web history and cache, HTML page reconstruction, chat sessions, compressed files, backup files, encrypted files, RAIDs, workstations, servers, and with Version 7: smartphones and tablets.
EnCase® Forensic produces an exact binary duplicate of the original drive or media, then verifies it by generating MD5 hash values for related image files and assigning CRC values to the data. These checks and balances reveal when evidence has been tampered with or altered, helping to keep all digital evidence forensically sound for use in court proceedings or internal investigations.
Recover files and partitions, detect deleted files by parsing event logs, file signature analysis, and hash analysis, even within compounded files or unallocated disk space.
Examiners can preview results while data is being acquired. Once the image files are created, examiners can search and analyze multiple drives or media simultaneously.
The National Software Reference Library (NSRL) is provided in the EnCase hash library format, allowing user to easily de-NIST their evidence, eliminating thousands of known files from their evidence set. This reduces the time and amount of data that needs to be analyzed significantly.
View hundreds of file formats in native form, built-in Registry viewer, integrated photo viewer, see results on a timeline/calendar.
EnCase® Forensic features EnScript® programming capabilities. EnScript®, an object-oriented programming language similar to Java or C++, allows users create to custom programs to help them automate time-consuming investigative tasks, such as searching and analyzing specific document types or other labor-intensive processes and procedures. This power can be harnessed by any level of investigator the “Case Developer” or one of the numerous built-in filters.
Export reports with lists of all files and folders along with detailed list of URLs, with dates and time of visits. Provide hard drive information and details related to the acquisition, drive geometry, folder structure, etc.
Once investigators have identified relevant evidence, they can create a comprehensive report for presentation in court, to management or stakeholders in the outcome of the investigation.
EnCase® Forensic Features