EnCase Enterprise
Forensics • eDiscovery
EnCase provides complete network visibility, immediate response and comprehensive, forensic-level analysis of servers and workstations anywhere on a network.
EnCase® Enterprise is a scalable platform that integrates seamlessly with your existing systems to create an enterprise investigative infrastructure. This cutting-edge solution can be tailored to meet your unique needs, including the automation of time-consuming investigative processes, incident response and EnCase eDiscovery.
EnCase® Enterprise works by combining five components (the Examiner, the SAFE, the Servlet, the Enterprise Connection and the incident response capability, Snapshot) into one overall system that delivers an enterprise-class investigative infrastructure. This single tool integrates seamlessly with your existing systems to give you immediate, secure access to comprehensive information on computers across the entire network. In addition to complete network transparency, EnCase® Enterprise also enables you to remediate any security event as it is identified.
EnCase® Enterprise Components
The SAFE (Secure Authentication For EnCase)
A server used to authenticate users, administer access rights, retain logs of EnCase® transactions, broker communications and provide for secure data transmission. The SAFE communicates with Examiners and target nodes using 128-bit AES encrypted data streams to protect inter-component communication.
The Enterprise Examiner
Software installed on a computer where authorized investigators perform incident response, investigations and audits on designated systems. This software leverages the robust functionality of the world’s standard in investigative enforcement, EnCase® Forensic, with network-enhanced capabilities for security, administration and enterprise investigations.
Servlet
A nonintrusive, auto-updating, passive software agent that is installed on workstations and servers for anytime protection. Connectivity is established between the SAFE, the Servlet and the Examiner to analyze and acquire devices that have the Servlet installed. The Servlet has special stealth capabilities for the most challenging environments. Servlets run on the following operating systems: all Windows operating systems, Linux kernel 2.4 and above, Solaris 8/9 (both 32- and 64-bit), Mac OS X and AIX.
Enterprise Connection
A secure virtual connection that is established between the Examiner and target machines. The number of concurrent connections controls the number of machines that can be analyzed simultaneously.
Incident Response Analysis (Snapshot)
Snapshot quickly captures volatile data, providing detailed information on what was occurring on a system at a given point in time.
Features
- Securely investigate/analyze many machines simultaneously over the LAN/WAN at the disk and memory level.
- Acquire data in a forensically sound manner, using software that has an unparalleled record in courts worldwide.
- Limit incident impact and eliminate system downtime with immediate response capabilities.
- Investigate and analyze multiple platforms — Windows, Linux, AIX, OS X, Solaris and more — using a single tool.
- Efficiently collect only potentially relevant data upon EnCase eDiscovery requests.
- Proactively audit large groups of machines for sensitive or classified information, as well as unauthorized processes and network connections.
- Identify fraud, security events and employee integrity issues wherever they are taking place — then investigate/remediate with immediacy and without alerting targets.
- Identify and remediate zero-day events, injected DLLs, rootkits and hidden/rogue processes.