Difference between revisions of "EnCase"
From Forensics Wiki
Joachim Metz (Talk | contribs) (→File Format) |
Joachim Metz (Talk | contribs) |
||
| (One intermediate revision by one user not shown) | |||
| Line 1: | Line 1: | ||
| − | {| | + | {{Infobox_Software | |
| − | + | name = EnCase | | |
| − | + | maintainer = [http://www.guidancesoftware.com Guidance Software] | | |
| − | + | os = [[Windows]] | | |
| − | + | genre = {{Analysis}} | | |
| − | | | + | license = {{Commercial}} | |
| − | + | website = [http://www.guidancesoftware.com www.guidancesoftware.com] | | |
| − | + | }} | |
| − | | | + | |
| − | + | ||
| − | | | + | |
| − | | | + | |
| − | + | ||
| − | + | ||
| − | | | + | |
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
'''EnCase''' is a family of all-in-one computer forensics suites sold by [[Guidance Software]]. These products include EnCase Enterprise, EnCase Forensic Edition, EnCase eDiscovery, and EnCase Lab Edition. These programs use a proprietary image file format that has been reverse engineered. Users can create scripts, called [[EnScripts]], to automate tasks. | '''EnCase''' is a family of all-in-one computer forensics suites sold by [[Guidance Software]]. These products include EnCase Enterprise, EnCase Forensic Edition, EnCase eDiscovery, and EnCase Lab Edition. These programs use a proprietary image file format that has been reverse engineered. Users can create scripts, called [[EnScripts]], to automate tasks. | ||
| + | |||
| + | == History == | ||
| + | Expert Witness (for Windows) was the original name for EnCase (dating back to 1998). More info about this can be found on the Internet Archive [http://web.archive.org/web/19980504153628/http://guidancesoftware.com/] including a demo of the original software [http://web.archive.org/web/19980504153759/http://guidancesoftware.com/data/ewsetup.exe]. | ||
== File Format == | == File Format == | ||
See [[Encase image file format]] | See [[Encase image file format]] | ||
| − | ==Hash Databases== | + | == Hash Databases == |
| − | + | EnCase uses [[MD5]] hashes and stores them in its proprietary [[Encase hash files|Encase hash file format]]; either individually or in a "hash map". | |
| − | + | EnCase supports importing hashes from the [[National Software Reference Library|NSRL]], [[Hashkeeper]], and plain MD5 files. | |
== See Also == | == See Also == | ||
| + | * [[Encase image file format]] | ||
* [[EnScripts]] | * [[EnScripts]] | ||
* [[LinEn]] | * [[LinEn]] | ||
| + | * WinEn | ||
== External Links == | == External Links == | ||
| − | * [http://www.guidancesoftware.com | + | * [http://www.guidancesoftware.com Guidance Software] |
* [http://www.safehack.com/Textware/forensic/Anti_Forensic_Break_Encase.pdf Breaking Encase with FILE0 and Winhex] | * [http://www.safehack.com/Textware/forensic/Anti_Forensic_Break_Encase.pdf Breaking Encase with FILE0 and Winhex] | ||
Latest revision as of 01:24, 21 July 2012
| EnCase | |
|---|---|
| Maintainer: | Guidance Software |
| OS: | Windows |
| Genre: | Analysis |
| License: | Commercial |
| Website: | www.guidancesoftware.com |
EnCase is a family of all-in-one computer forensics suites sold by Guidance Software. These products include EnCase Enterprise, EnCase Forensic Edition, EnCase eDiscovery, and EnCase Lab Edition. These programs use a proprietary image file format that has been reverse engineered. Users can create scripts, called EnScripts, to automate tasks.
Contents |
[edit] History
Expert Witness (for Windows) was the original name for EnCase (dating back to 1998). More info about this can be found on the Internet Archive [1] including a demo of the original software [2].
[edit] File Format
[edit] Hash Databases
EnCase uses MD5 hashes and stores them in its proprietary Encase hash file format; either individually or in a "hash map". EnCase supports importing hashes from the NSRL, Hashkeeper, and plain MD5 files.
