Corporate Security   

Brochures:
EnCase® Enterprise for Corporations(PDF)

 Security Infrastructure Complement Guide(PDF)
Webinars:
Enterprise Investigative Infrastructure Part 1: Fraud Detection & Mitigation

Enterprise Investigative Infrastructure Part 2: Incident Response
Whitepapers:
EnCase® Enterprise Detailed Product Description (PDF)

Inside EnCase® Enterprise: Review of Security Schema (PDF)

Comments on NIST Test Results for EnCase® Enterprise 3.20 (PDF)

Evidentiary Authentication within the EnCase® Enterprise Process (PDF)

Digital Privacy Considerations with the Introduction of EnCase® Enterprise (PDF)

CLICK HERE TO SEE ALL WHITEPAPERS

 
Skip Navigation Links
> products and servicesExpand > products and services
Skip Navigation Links
> companyExpand > company
Skip Navigation Links
> resourcesExpand > resources
Skip Navigation Links
> contact supportExpand > contact support
Skip Navigation Links
> support portal
  
Internal Investigations Incident Response Security Services

Home > Corporate Home > Incident Response

Incident Response with EnCase® Enterprise

"In our Clear Choice Test, we found that with this aggregation of incident-response and forensic capabilities not yet seen in competing products, EnCase® Enterprise can . . . establish relationships between open ports, open files, network connections, hidden files or processes and malicious activity"
       — Sam Stover, Network World

The EnCase® Enterprise provides incident response capabilities, allowing you to investigate meaningful alerts, establish intrusion profiles to zero in on all contaminated computers, and restore your network's security with little or no disruption. EnCase® Enterprise can be customized to address your unique incident response (IR) needs.

The solution's compromise assessment capabilities also allow you to audit your network proactively to understand what is running and how that picture deviates from your existing policies.

ONLY ENCASE® SOLUTIONS CAN DO ALL THIS. . .

  • Scan for running processes on multiple machines simultaneously, across multiple operating systems — up to 30,000 machines per hour.
  • Capture a complete picture of volatile data including open ports, active processes, open files, live Windows registry, network users and network interfaces.
  • Allows full compliance with the NIST Computer Security Incident Handling Guide.
  • Analyze system data across time to achieve a detailed analysis and determine the exact impact of a computer attack.
  • Preview computers over the network to determine whether relevant evidence exists:
    • Unallocated/allocated space
    • Deleted files
    • File slack
    • Volume slack
    • File system attributes
    • CD ROMs/DVDs
    • Mounted FireWire amd USB devices
    • Mounted encrypted volumes
    • Mounted thumb drives
  • Find and remediate zero-day events and other malicious code — identify and destroy hidden processes and hooks used by rootkits.
  • Create logical evidence files and preserve associated metadata on an individual-file basis — eliminating the need to capture entire hard drives.
 

"Coupled with the right training, EnCase® Enterprise has the potential to bring accurate closure to every intrusion alarm. "
InfoWorld

"EnCase® Enterprise is a best practice for response and analysis of internal and external security breaches."
— Michael Rasmussen, Vice President and Analyst, IT Management & Services, Forrester
 

© 2002-2007 Guidance Software, Inc. All Rights Reserved.
Privacy Statement | Historical Information | Contact Us | Careers | Mailing List | Resellers