EnCase Forensic Software: Características y funciones (II)

Acquisition

• Mobile collection for 36,000+ profiles: EnCase Forensic supports the latest smartphones and tablets, empowering the examiner to conduct logical and physical acquisitions.
• Native Encryption support: Encrypt evidence files directly in EnCase Forensic, using AES-256 strength encryption
• Improved Evidence File Format: The new and improved Ex01 and Lx01 file formats, built on the trusted E01 and L01 formats, bring increased performance and optimized data management
• Apple T2 Security Bypass: Acquires machines equipped with Apple T2 Security chips without additional hardware, drive partitions, or hassle. And if the user is logged in, no credentials are required
• AFF4 support: Provides physical and logical read capabilities to allow for ingestion of evidence from other investigative tools
• Connect to the cloud: can collect evidence from cloud-based applications, including social media, storage and communication tools.

Processing

• EnCase Evidence Processor: Automate common tasks associated with preparing evidence for investigation, includes:
  • Recover Folders
  • File Signature Analysis
  • Protected File Analysis
  • Hash and Entropy Analysis
  • Expand compound files
  • Find Email (PST, NSF, DBX, EDB, AOL, MBOX)
  • Find Internet Artifacts (IE, Firefox, Safari, Chrome)
  • Search for Keywords
  • Index
  • OCR
• EnScript Module Processing: Encase incorporates the following modules by default in the processor:
  • System Info Parser
  • IM Parser (AOL, MSN, Yahoo)
  • File Carver
  • Personal Information (CC, Phone Numbers, Email, SSN)
  • Windows Event Log Parser
  • Windows Artifact Parser
  • Unix Login
  • Linux Syslog Parser
• Custom EnScript Module Processing: Add custom EnScripts into the EnCase Evidence Processor
• Indexing Engine: Optimized for the forensic examiners needs with robust query language.

Deep Forensic Analysis

• Extensive device support:
  • Mac devices, including HSF+, APFS and FileVault2
  • iOS Physical Images (iPad, iPhone, iPod)
  • Windows and Linux based devices
  • Android
• Encryption Support: supporting Microsoft® Windows® Bitlocker XTS-AES, Dell® Data Protection and Symantec™PGP.
• E-Mail Investigation Platform: E-mail investigations are now as easy as reading email in an inbox. Added capabilities to review e-mail conversations and related messaged to uncover context and identify all individuals related to the case.
• Tagging: Create custom tags and apply to any file, including hash records, to enable easy export of files for review by others.
• Unified Search: Now search across the entire case from one easy to use, flexible, and powerful search interface. Incorporate the index, keyword search results, and tags into a single search.
• AI and ML support: Automatically identifies images of particular interest, including nudity, drugs, weapons and explicit sexual content using artificial intelligence and machine learning.
• Comprehensive artifact support: Collects both local device and cloud-based activity from Facebook, Twitter, Instagram, Google, iCloud, WhatsApp and LinkedIn, as well as internet browser history, videos, documents and location data to ensure all relevant evidence is highlighted.

Reporting

• Customizable Templates: Create custom report templates for consistent reporting for every case.
• Formatting: Choose formatting for each section of the report, tailoring the representation of finding to meet the audiences needs.
• Easy Export Options: Save reports in any of the following formats:
  • Text
  • RTF (opens in Microsoft Office)
  • HTML
  • XML
  • PDF