
EnCase® Enterprise Information Assurance Suite

Guidance Software has engineered a solution to complete your defense-in-depth strategy — the EnCase Information Assurance Suite (IA). Network-enabled, its speed, streamlined and automated processes, scalability and precision allow you to mitigate and oftentimes eliminate known and unknown risks. This single solution is mapped to your information assurance needs. The results: significant savings in manpower, improved operations and increased IA-officer productivity.

  • Rely upon the computer investigation software of choice for law enforcement, government agencies and corporations around the world.
  • Gain real-time incident response capabilities with alerting-system integration and automation that allow you to comprehensively scan your network at unprecedented speeds.
  • Achieve the most thorough and efficient InfoCon baselining available.
  • Conduct complete classified spillage clean-up with the only tool that enables automatic, targeted search and remediation.
  • Rely on automatic and accurate compliance assessments to help you ensure IAVA compliance.

The Information Assurance Suite consists of the following modules, which can also be purchased separately. These modules expand the cutting-edge computer forensic investigation capabilities of EnCase Enterprise:

  • Automated Incident Response Module (AIRS)
  • Classified Spillage Module
  • InfoCon Baselining Module
  • IAVA Compliance Module

1.) Automated Incident Response (AIRS) Module
For information on how AIRS works click here.

2.) Classified Spillage Module
The Classified Spillage Recovery module uses EnCase Enterprise servlets to search the network (desktops, file servers, mapped drives/fileshares and removable media) for documents responsive to a specified set of search criteria. The key features of the Classified Spillage Recovery module are as follows:

Automated, Targeted and Scalable Search: Automated, 24/7, targeted searches collect only potentially relevant data. Multiple collections can occur simultaneously, through the use of multiple Examiners, to scale to a network of any size. A central tracking database coordinates the various collection efforts around the clock. Almost all data is searchable, including:

  • Email and email attachments from Exchange Server, Domino Server, static PST files and static NSF files
  • Most file types, such as PDFs, Microsoft applications, foreign language documents, etc.
  • All operating system platforms supported by EnCase Enterprise, as well as most major data repositories

Powerful Search Criteria: The module provides the ability to search on any combination of file metadata, keywords and matching digital fingerprints. Data collected by a certain set of criteria are tied to that search set with a unique identifier, creating a record of how that particular data was located. Search criteria are stored for reusability. Subsequent collections collect only new data.

File Search:

  • File Metadata
    • File type
    • File size
    • File name
    • Created, Modified or Last-Accessed times
  • User name or security ID
  • Keywords within files using regular expressions (GREP)
  • Digital fingerprints (i.e., hash values)

Email Search:

  • Email header fields (e.g., TO, FROM, CC fields, Subject, time sent/received, etc.)
  • Body of the message
  • Attachments

Administration: Because of the sensitivity of these types of investigations, the Classified Spillage module contains extensive logging in addition to what is already provided by EnCase Enterprise.

  • SAFE Logging: The SAFE logs EnCase user information and actions as a method of tracking the high-level collection activities.
  • Custodian Logs: For each scanned custodian there is an independent session log that lists every file that was scanned and which ones were collected.
  • Database Logging: A collection database provides a reporting interface that shows progress of the collection (e.g., number of machines collected, percent complete), collection metrics (e.g., files collected/scanned, gigabytes collected/scanned) and the average scan time for a device.

Compliance Enforcement/Remediation: Once a document is located that is responsive to the search, it is often desirable to remove that document permanently. The Classified Spillage module allows you to wipe the individual file.

  • After revealing exposed classified information, EnCase Enterprise automatically wipes the responsive hits, while collecting individual files and the associated metadata in a Logical Evidence File (LEF) for evidentiary purposes.
  • Allows auditing for electronic records management policy compliance, and automatically wipes noncompliant records, while preserving them in an LEF as a record of the audit results.
  • Allows the migration of data to the archives via the Virtual File System (VFS), which mounts the responsive data as a shared drive.

3.) IAVA Compliance
The IAVA Compliance module scans the enterprise to validate at an MD5 level that it is in compliance with patch management standards required by the government. It works by inputting these standards from vulnerability databases and then comparing them with the information collected from the network.

Database Support:

  • IAVA
  • OVAL

Vulnerability Check:

  • Check for proper registry entries
  • Check for proper file entries
  • Check for proper version numbers for files
  • Check for proper hash on files

Generate detailed reports based on the findings

4.) InfoCon Hardening
The InfoCon Hardening module works by comparing a known baseline of hashed processes to the hashes of the executable programs currently installed on the network.

Hash Set Support:

  • User-defined: Users can define their own hash sets either by building them from scratch or by pointing the module at clean machines (processes do not need to be running while building the hash sets).

Differential Analysis:

  • Processes running and installed on the network can be compared to both user-defined hash sets and the hash database. Unknown processes and known malicious processes are flagged for quick identification and remediation.
  • Multiple scans can be compared to each other for time-based differential analysis.
  • Targeted scans for known malicious code, unauthorized code and unknown code that vulnerability assessment tools won't detect (injected DLLs, covert channels, etc.).

Remediation: Kill processes, wipe files or modify the registry when unknown, malicious or unauthorized binaries are identified.

 



 

 

 

 

© 2002-2007 Guidance Software, Inc. All Rights Reserved.