[DFNews] EnCase v7.08 Released
2013-08-23 09:22
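EnCase v7.08 was officially released recently. Version 7.08 adds the Evidence Processor Manager and Evidence Processor, which support not only a local evidence processing queue but also distributed evidence processing over the network.
The release notes follow; download links for the updated software are collected in the pinned post.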
What’s New in Version 7.08
Evidence Processor Manager
Evidence Processor Enhancements
Augmented File Carving for Images
New Evidence Processor Lock/Unlock Flexibility
Encryption Support Updates
Windows Resilient File System (ReFS) Support
Solaris Volume Manager Support
Improved Hash Library Management
Macintosh OS X Disk Image Support
Safari Internet Artifact Updates
Smartphone OS Application Support
Usability Enhancements
Create Tags Using Keyboard Shortcuts
Create Logical Evidence Files from Search Results
Improved Email Alternate Body Handling
Evidence Processor Manager
The new Evidence Processor Manager allows for distribution and control of evidence processing for one or more EnCase Examiners or EnCase Processors.
With the Evidence Processor Manager, you can simplify evidence processing and acquisition by:
Queuing evidence in the jobs list to be processed.
Prioritizing the execution of evidence to be processed.
Distributing the processing workload across multiple processing nodes. Any available node picks up the next job in the queue for the rapid processing of evidence.
Evidence Processor Enhancements
File Carver
The File Carver augments existing file carving capabilities by using Windows Graphics Device Interface (GDI) libraries to accurately carve images according to their sizes and file types. GDI libraries identify the actual length of the file to be carved, resulting in increased probability of carving high fidelity images.
New Evidence Processor Lock/Unlock Flexibility
Evidence Processor now gives you the following options so you can designate only the evidence that you want specifically processed:
During initial processing, File Signature Analysis can be turned On or Off. The default is On.
While running Evidence Processor with an existing evidence cache:
Keyword Search can be turned On or Off
Recover Folders can be turned On if it was previously turned Off
Encryption Support Updates
EnCase Version 7.08 provides the following support for encryption products:
Sophos SafeGuard Easy and Enterprise 6 (32-bit only)
McAfee Endpoint Encryption 7.0 (32-bit only)
Check Point Full Disk Encryption 8 (OS X and Windows)
Windows Resilient File System (ReFS) Support
EnCase supports the investigation of machines running the Windows 8 operating system. This includes the ability to acquire and parse allocated files and folders from the ReFS file system.
Solaris Volume Manager
EnCase now supports Solaris Volume Manager (SVM), to parse and investigate logical volumes on Solaris 9 and 10 computers.
Improved Hash Library Management
The Manage Hash Library function now allows you to:
Select a hash set to work with
View the contents of a hash set
Delete individual items from a hash set
Macintosh OS X Disk Image Support
The following Macintosh OS X media types are now supported by EnCase:
DMG format
Sparse image format
Sparse bundle format
Macintosh FileVault is a wrapper on top of DMG or sparse image files. All three types of media can be encrypted via either AES-128 or AES-256. EnCase currently supports only images encrypted with AES-128.
EnCase now supports the following DMG formats:
UDZO (zip compression algorithm)
UDBZ (BZip2 compression algorithm)
UDCO (Apple-proprietary ADC compression algorithm)
Safari Internet Artifact Updates
EnCase supports Safari Versions 5 and 6 including cookie and cache artifacts.
Smartphone OS Application Support
The following list shows software applications supported by EnCase, arranged by operating system.
Android
Gmail
Yahoo mail
GTalk
Facebook
Twitter
Google+
Google Now
Google Docs
Dropbox
Chrome Browser
iPhone
Google Maps
Apple Maps
Google Plus
Usability Enhancements
Create Tags Using Keyboard Shortcuts
You can now create tags using keyboard shortcuts. Hot keys are assigned to the first ten tags (Alt-0 to Alt-9).
Search Results Exported to Logical Evidence Files
You can now export items in a set of search results to a logical evidence file (LEF). Search results may contain both entries and records. When you export search results containing only entries or containing only records, EnCase generates a single LEF. When you export search results containing both entries and records, EnCase generates two LEFs.
Improved Email Alternate Body Handling
When email systems append a plain text version of the email together with the HTML/rich text version, this text is called an "alternate body." Formerly, EnCase treated this as an attachment to the message, and displayed an attachment paper clip icon. Now, when an alternate body is the only attachment to an email message, EnCase displays a standard email icon, rather than the paperclip icon.