EnCase
From Forensics Wiki
Revision as of 01:24, 21 July 2012 by Joachim Metz (Talk | contribs)
| EnCase | |
|---|---|
| Maintainer: | Guidance Software |
| OS: | Windows |
| Genre: | Analysis |
| License: | Commercial |
| Website: | www.guidancesoftware.com |
EnCase is a family of all-in-one computer forensics suites sold by Guidance Software. These products include EnCase Enterprise, EnCase Forensic Edition, EnCase eDiscovery, and EnCase Lab Edition. These programs use a proprietary image file format that has been reverse engineered. Users can create scripts, called EnScripts, to automate tasks.
Contents |
History
Expert Witness (for Windows) was the original name for EnCase (dating back to 1998). More info about this can be found on the Internet Archive [1] including a demo of the original software [2].
File Format
Hash Databases
EnCase uses MD5 hashes and stores them in its proprietary Encase hash file format; either individually or in a "hash map". EnCase supports importing hashes from the NSRL, Hashkeeper, and plain MD5 files.
