EnCase Portable. Extend Your Forensic Reach with Powerful Triage & Data Collection



Similar documents
GUIDANCE SOFTWARE EnCase Portable. EnCase Portable. A Data Collection and Triage Solution that Anyone can Use

EnCase Forensic Product Overview

Just EnCase. Presented By Larry Russell CalCPA State Technology Committee May 18, 2012

EnCase Enterprise For Corporations

EnCase ediscovery. Automatically search, identify, collect, preserve, and process electronically stored information across the network.

EnCase Cybersecurity. Network-enabled Incident Response and Endpoint Data Control through Cyberforensics. GUIDANCE SOFTWARE EnCase Cybersecurity

Corporations Take Control of E-Discovery

EnCase Endpoint Security Product Overview

EnCase Cybersecurity In Action

Guidance Software Whitepaper. Point-of-Sale Systems Endpoint Malware Detection and Remediation

Guidance Software Whitepaper. Best Practices for Integration and Automation of Incident Response using EnCase Cybersecurity

EnCase Portable Demo P A G E 0

MSc Computer Security and Forensics. Examinations for / Semester 1

EnCase v7 Essential Training. Sherif Eldeeb

EnCase 7 - Basic + Intermediate Topics

Digital Forensics Tutorials Acquiring an Image with FTK Imager

Digital Forensics, ediscovery and Electronic Evidence

GUIDANCE SOFTWARE EnCase Cybersecurity Complement Guide. EnCase Cybersecurity. Complement Guide

Hands-On How-To Computer Forensics Training

EnCase Analytics Product Overview

Discovery of Electronically Stored Information ECBA conference Tallinn October 2012

Overview of Computer Forensics

Computer Forensics. Securing and Analysing Digital Information

Steven Kaplan, CISSP, CISA Accuvant Sandra Bittner, CISSP Arizona Public Service Palo Verde Nuclear Generating Station

Digital Forensics. Larry Daniel

plantemoran.com What School Personnel Administrators Need to know

Course Title: Computer Forensic Specialist: Data and Image Files

A Practical Approach for Evidence Gathering in Windows Environment

Incident Response and Computer Forensics

EC-Council Ethical Hacking and Countermeasures

Guidelines on Digital Forensic Procedures for OLAF Staff

EnCase Endpoint Investigator Fundamentals 5/25/2016

Guidance Software Training

ETERE MEDIA LIBRARY: The best secure solution for your media

Developing Computer Forensics Solutions for Terabyte Investigations

How To Use Encase On A Computer Or A Hard Drive (For A Computer)

Technical Procedure for Evidence Search

The Proper Acquisition, Preservation, & Analysis of Computer Evidence: Guidelines & Best-Practices

Incident Response and Forensics

Application Whitelisting - Extend your Security Arsenal? Mike Baldi Cyber Security Architect Honeywell Process Solutions

Computer Forensics as an Integral Component of the Information Security Enterprise

SharePoint Archive Rules Options

Understanding ediscovery and Electronically Stored Information (ESI)

Addressing Legal Discovery & Compliance Requirements

How to Avoid The Biggest Electronic Evidence Mistakes. Ken Jones Senior Technology Architect Pileum Corporation

Forensics source: Edward Fjellskål, NorCERT, Nasjonal sikkerhetsmyndighet (NSM)

Recovering Microsoft Office SharePoint Server Data. Granular search and recovery means time and cost savings.

Laserfiche. and SharePoint Integration. Your potential, realized. Learn More Inside. Include imaged documents in collaborative processes.

{ecasey,

Build Context into Your Digital Forensic Exam With Online Evidence

Introduction to BitLocker FVE

CYBER FORENSICS (W/LAB) Course Syllabus

Legal Notices. AccessData Corp.

Cloud Forensics. 175 Lakeside Ave, Room 300A Phone: 802/ Fax: 802/

CimTrak Technical Summary. DETECT All changes across your IT environment. NOTIFY Receive instant notification that a change has occurred

Digital Forensics. Tom Pigg Executive Director Tennessee CSEC

Digital Forensic. A newsletter for IT Professionals. I. Background of Digital Forensic. Definition of Digital Forensic

Digital Forensics & e-discovery Services

Forensics on the Windows Platform, Part Two

Ricoh Legal. Live Data Acquisition: The New Default Standard for Capturing ESI?

Introduction to Windows 7 (Brought to you by RMRoberts.com)

SecureDoc for Mac v6.1. User Manual

Windows 8 Hacks O'REILLY* Preston Gralla. Beijing. Cambridge Famham. Koln Sebastopol Tokyo

What is Digital Forensics?

Symantec Enterprise Vault and Symantec Enterprise Vault.cloud

HDDtoGO. User Guide. User Manual Version CoSoSys SRL 2010 A-DATA Technology Co., Ltd. HDDtoGO User Manual

Online Backup Client User Manual Mac OS

Online Backup Client User Manual Mac OS

Recovering Microsoft Office SharePoint Server Data

Business Case for Voltage Secur Mobile Edition

Securing Corporate Data and Making Life Easier for the IT Admin Benefits of Pre Boot Network Authentication Technology

Investigating the prevalence of unsecured financial, health and personally identifiable information in corporate data

CatDV Pro Workgroup Serve r

Manual for Android 1.5

Using Automated, Detailed Configuration and Change Reporting to Achieve and Maintain PCI Compliance Part 4

Outlook Web Access 2003 Remote User Guide

Symantec Enterprise Vault.cloud Overview

How to Encrypt your Windows 7 SDS Machine with Bitlocker

Getting Ahead of Malware

Compatibility with Encryption Products

Recovering Microsoft Exchange Server Data

Online Backup Client User Manual

Symantec File Share Encryption Quick Start Guide Version 10.3

Host Hardening. OS Vulnerability test. CERT Report on systems vulnerabilities. (March 21, 2011)

Digital Forensics. Module 4 CS 996

SOLUTION GUIDE AND BEST PRACTICES

Carry it Easy. User Guide

Transcription:

GUIDANCE SOFTWARE EnCase Portable EnCase Portable Extend Your Forensic Reach with Powerful Triage & Data Collection

GUIDANCE SOFTWARE EnCase Portable EnCase Portable Triage and Collect with EnCase Portable EnCase Portable is designed to address the challenge of completing forensic triage and data collection in the field, for both forensic professionals and non-technical personnel. The solution is composed of two components, Triage and Collect. Who Can Use EnCase Portable Police Officers Probation and Parole Officers Civilian Investigators Military Personnel Government Personnel IT Professionals Law firm Personnel Litigation Support Personnel Non-Technical Personnel Triage allows forensic experts and non-experts alike to quickly review information stored on a computer in the field, in real time, without altering or damaging the information. By executing pre-configured triage searches, users can quickly browse pictures, view internet history, see who has been using a computer, and much more. Advanced users of Triage can also create new triage searches, in the field, in a matter of minutes, meaning no situation is out of reach of EnCase Portable Triage. With Collect, anyone can become an extension of an organization s computer forensic, incident response, or e-discovery team. Running collection searches, pre-configured by the experts, anyone can use EnCase Portable to perform forensically sound collections in the field. Collect can be used to create a bit-by-bit copy of a computer s hard drive or perform a targeted collection based on the criteria required for the specific situation. In addition, with Collect users can collect an exact copy of a computer s memory, which can contain valuable information pertinent to an investigation. With EnCase Portable, forensic professionals can get a handle on their case backlog by attacking the issue at the source, reducing the total amount of evidence brought in for analysis. For field personnel, EnCase Portable gives immediate access to critical information stored on a computer, without having to be an expert in computer forensics. For corporations, EnCase Portable enables easy, forensically sound collection of data from remote offices or locations without requiring expert personnel. The combination of Triage and Collect make EnCase Portable the most powerful, flexible, and field-ready solution for handling computer forensic tasks. EnCase Portable Features at a Glance CORE CAPABILITIES Both Triage and Collect share these fundamental capabilities EnCase Expert 0101010001011101010111101010101111101010110100110 1010101101010100011011110010101001 101010111110111101000101110111011110100010 Non-Expert Workflow: 1. Insert EnCase Portable USB (and storage drive if required) into computer 2. Launch EnCase Portable from the USB device 3. Select a job to execute 4. EnCase Portable runs the selected job, collecting data or performing a triage search 5. User, once satisfied with triage results or collection job has completed, closes EnCase Portable 6. Collected data can be made available to the forensic professional for full analysis as required Operating Modes: Execute EnCase Portable on an already running computer (Live Mode) Boot a computer with EnCase Portable (Boot Mode) In either mode, no EnCase files are installed on the suspect s computer

Default Jobs: Every EnCase Portable contains a combination of default Triage and Collect jobs, including: Collect Document Files Create Internet Artifacts Report Collect Mail Files Triage or Create PII Report Collect Picture Files Triage Pictures Collect Copy of Drive or Memory EnCase Portable now gives any lawyer, paralegal, and litigation support specialist the ability to easily collect and preserve ESI anywhere, anytime. -John J. Rosenthal, Partner and Chairman, e-discovery and electronic information practice group, Winston & Strawn LLP Job Creation: Create new jobs or edit existing jobs to meet specific case needs New jobs can be created using EnCase Forensic or EnCase Enterprise New jobs can also be created in-the-field, in real time without using EnCase Forensic or EnCase Enterprise Transferrable from one device to another Collected Data: Collected data is managed with EnCase Forensic or EnCase Enterprise Other solutions that support E01, L01, Ex01, or Lx01 can be used to review collected data Easy import of collected data into current case. Search & Collection Methodology: Valuable file attributes (metadata) and contents not altered during search and collection Folder structures maintained for collected data Collected data stored in EnCase Evidence File Formats (E01, L01, Ex01, Lx01) Encryption of collected data possible (Ex01 and Lx01 formats)

Triage Specific Capabilities Triage Options: Search for files that may contain Personally Identifiable Information (PII) Credit Cards (Visa, MasterCard, American Express, Discover) Phone Numbers (with or without area codes) E-mail addresses US Social Security Numbers Review Images in a Gallery View Search based on file extensions (.jpg,.bmp,.png, etc.) Search based on file signature Limit number of images and/or the minimum image file size EnCase Portable lets anyone with minimal technical knowledge collect electronic evidence, with a chain of custody, from computers in the field. This will free up time for computer forensic experts and allow them to focus their attention on analysis and reporting, rather than initial collection. - Collect Evidence With EnCase Portable, Product Review, Law Technology News Identify files based on Hash Value matches Create new hash sets Use hash sets available in EnCase Forensic or EnCase Enterprise Customize search by creating an Entry Condition to focus the search Preview files based on Metadata Focus searches based on any properties of a file (size, type, dates, etc.) Specific search criteria is entered as an Entry Condition Matching files can be reviewed instantly Locate and review files that contain specific Keywords Import a list of keywords or add keywords manually Customize search by creating an Entry Condition to focus the search Review the keyword search results for all files on the suspect computer Reporting and Analysis: Perform a quick analysis on the collected data Prepare a report on the triage and collection results in the field Encryptions Support: Utilizing the EnCase Decryption Suite, the following encryption products are supported PGP Whole Disk Encryption Microsoft Bitlocker Guardian Edge Encryption Plus, Hard Disk, and Encryption Anywhere Utimaco/Sophos Safeguard Easy McAfee SafeBoot Offline (challenge/response not supported) WinMagic SecureDoc Checkpoint/PointSec Full Disk Encryption Credentials required for each supported encryption product

Collection Specific Capabilities Collection Options: Acquisition Collect logical, physical, and/or removable drives Acquire computers memory Configure imaging job to prompt for desired drive at time of collection Acquisition Configuration Set segment file and block size Select compression and error granularity settings View calculated MD5 and/or SHA1 acquisition hashes Snapshot Information Calculate hash values for executables that are currently running Identify processes that have been hidden from the operating system Collect list of currently loaded dynamic link libraries (DLLs) Gather information on currently logged on users Detect if the MAC address of any Network Interface has been altered Internet History Collect history of visited websites Collect user cache and bookmarks Collect information on cookies and downloaded files Instant Messages Identify and parse information left on the computer related to instant messaging Search for instant message artifacts can include the unallocated space of the hard drive AOL, MSN, and Yahoo instant messaging clients supported System Information Collects system from artifacts related to Network Information Operating system information Installed Software Installed Hardware User/Account information Shared/mapped drives User Activity (Linux Only) Startup Routines (Linux Only) Supports Ubuntu 8 Fedora 8 Linux distributions, in addition to Windows operating systems. Linux System Logs Collects and parses Linux system log files and their system messages Windows Artifacts Collects the following windows system files MFT transaction logs Link Files Recycle Bin items Search for windows artifacts can include the unallocated space of the hard drive Unix Login Parses the Unix systems WTMP and UTMP files, which hold all login activities Windows Event Logs Parses and collects information pertaining to Windows events recorded in the system logs, including application, system, and security logs Entry condition may be used to target the search based on the entry properties Included EVT and/or EVTX conditions to limit the search and collection further ILTA s 2010 Distinguished Peer Award for the Innovative Vendor Category

www.guidancesoftware.com Our Customers Guidance Software s customers are corporations and government agencies in a wide variety of industries, such as financial and insurance services, technology, defense contracting, pharmaceutical, manufacturing and retail. Representative customers include Allstate, Chevron, FBI, Ford, General Electric, Honeywell, NATO, Northrop Grumman, Pfizer, SEC, UnitedHealth Group and Viacom. About Guidance Software (NASDAQ: GUID) Guidance Software is recognized worldwide as the industry leader in digital investigative solutions. Its EnCase platform provides the foundation for government, corporate and law enforcement organizations to conduct thorough, network-enabled, and court-validated computer investigations of any kind, such as responding to e-discovery requests, conducting internal investigations, responding to regulatory inquiries or performing data and compliance auditing - all while maintaining the integrity of the data. There are more than 40,000 licensed users of the EnCase technology worldwide, the EnCase Enterprise platform is used by more than sixty percent of the Fortune 100, and thousands attend Guidance Software s renowned training programs annually. Validated by numerous courts, corporate legal departments, government agencies and law enforcement organizations worldwide, EnCase has been honored with industry awards and recognition from Law Technology News, KMWorld, Government Security News, and Law Enforcement Technology. 2012 Guidance Software, Inc. All Rights Reserved. EnCase and Guidance Software are registered trademarks or trademarks owned by Guidance Software in the United States and other jurisdictions and may not be used without prior written permission. All other marks and brands may be claimed as the property of their respective owners. EP BR 0130-12002

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information