Forensic, the industry-standard computer investigation solution, is for
forensic practitioners who need to conduct efficient, forensically sound
data collection and investigations using a repeatable and defensible
process. The proven, powerful, and trusted EnCase® Forensic solution,
lets examiners acquire data from a wide variety of devices, unearth
potential evidence with disk level forensic analysis, and craft
comprehensive reports on their findings, all while maintaining the
integrity of their evidence.
Acquire from Almost Anywhere: Acquire
data from disk or RAM, documents, images, e-mail, webmail, Internet
artifacts, Web history and cache, HTML page reconstruction, chat
sessions, compressed files, backup files, encrypted files, RAIDs,
workstations, servers, and with Version 7: smartphones and tablets.
Forensically Sound Acquisition: EnCase®
Forensic produces an exact binary duplicate of the original drive or
media, then verifies it by generating MD5 hash values for related image
files and assigning CRC values to the data. These checks and balances
reveal when evidence has been tampered with or altered, helping to keep
all digital evidence forensically sound for use in court proceedings or
Advanced Analysis: Recover
files and partitions, detect deleted files by parsing event logs, file
signature analysis, and hash analysis, even within compounded files or
unallocated disk space.
Improved Productivity: Examiners
can preview results while data is being acquired. Once the image files
are created, examiners can search and analyze multiple drives or media
Automated de-NISTing Capabilities: The
National Software Reference Library (NSRL) is provided in the EnCase
hash library format, allowing user to easily de-NIST their evidence,
eliminating thousands of known files from their evidence set. This
reduces the time and amount of data that needs to be analyzed
Multiple File Viewer Support: View
hundreds of file formats in native form, built-in Registry viewer,
integrated photo viewer, see results on a timeline/calendar.
Customizable and Extensible with EnScript®: EnCase®
Forensic features EnScript® programming capabilities. EnScript®, an
object-oriented programming language similar to Java or C++, allows
users create to custom programs to help them automate time-consuming
investigative tasks, such as searching and analyzing specific document
types or other labor-intensive processes and procedures. This power can
be harnessed by any level of investigator the “Case Developer” or one of
the numerous built-in filters.
Automatic Reports: Export
reports with lists of all files and folders along with detailed list of
URLs, with dates and time of visits. Provide hard drive information and
details related to the acquisition, drive geometry, folder structure,
Actionable Data: Once
investigators have identified relevant evidence, they can create a
comprehensive report for presentation in court, to management or
stakeholders in the outcome of the investigation.
Integration to Passware Kit Forensic: Use
the Evidence Processor to automate the detection of encrypted files.
Once the files are decrypted by Passware Kit Forensic* they can be
easily integrated back into EnCase Forensic for further analysis.