
EnCase® Enterprise eDiscovery Suite

Guidance Software has engineered a complete, end-to-end eDiscovery solution that allows you to conduct thorough, court-compliant and defensible eDiscovery — identification, collection, processing and exporting to an attorney review platform — entirely in-house or with offsite hosting. The EnCase eDiscovery Suite streamlines the eDiscovery process, culling data at the point of collection, to save you time and money. This versatile, scalable and ultra-efficient eDiscovery solution is designed to meet all your eDiscovery needs.

  • Reduce your eDiscovery costs, often by over 90%.
  • Tackle any eDiscovery request with a solution that is scalable for cases from a few megabytes to terabytes of data.
  • Collect only potentially relevant documents by culling at the point of collection.
  • Eliminate the need to take servers offline, as collections are performed while servers/desktops are running.
  • Rely on the tracking database to help you ensure all target computers are searched. The database also allows for concurrent searching and collecting from multiple computers.
  • Enhance defensibility by relying upon the world-recognized best practice for electronic discovery and EnCase software's unparalleled record in court.
  • Eliminate the need to hire external consultants and/or service providers.
  • Conduct eDiscovery collections on a worldwide network, all from a central location.

1.) Enterprise Search, Collection and Preservation
Automated, 24/7 searches collect only potentially relevant information in a court-validated manner. Multiple collections can occur simultaneously, through the use of multiple Examiners, to scale to an enterprise of any size.  A central tracking database coordinates the various collection efforts around the clock. The individual files, with their metadata intact, are then stored in Logical Evidence Files (LEF), one for each custodian device. These LEFs make it possible to forensically preserve relevant data without having to capture entire hard drives.

Almost all data is searchable, including:

  • Email and email attachments from Exchange Server, Domino Server, static PST files and static NSF files
  • Most file types, such as PDFs, Microsoft applications, foreign language documents, etc.
  • Data on all operating system platforms supported by EnCase Enterprise, as well as most major data repositories

Powerful Search Criteria: The Suite provides the ability to search on any combination of file metadata, keywords and matching digital fingerprints.  Data collected by a certain set of criteria are tied to that search set with a unique identifier, creating a record of how that particular data was located. Search criteria are stored for reusability. 

File Search:

  • File Metadata
    • File type
    • File size
    • File name
    • Created, Modified or Last-Accessed times
  • User name or security ID
  • Keywords within files using regular expressions (GREP)
  • Digital fingerprints (i.e., hash values)

Email Search:

  • Email header fields (e.g., TO, FROM, CC fields, Subject, time sent/received, etc.)
  • Body of the message
  • Attachments

Exclude data from searches: This feature allows the user to specify files that should be skipped and not searched or collected. For example, exclude all system files from the identification/collection process. This reduces the amount of time necessary to do a collection.

Mapped Drive Collections: The Suite can search a variety of devices that support the SMB protocol. If Windows can map a drive to the device, the eDiscovery Suite can search and collect from it while preserving metadata.

Ongoing collections: Provides the ability to search and collect from a custodian many times, each time collecting only the differences from the original collection. This speeds up the re-collection effort if one is required.

Collection groups: Provide the ability to group hosts together so they are started at different times. This allows an enterprise to improve the efficiency of its collections.

Identification: Provides a way for the user to do a quick identification of responsive documents without actually collecting them. This is useful during the planning stage of eDiscovery, when schedule and cost estimates are being provided, and during the identification phase, when the search criteria are being fine-tuned.

2.) Processing Phase
Takes all gathered data from various sources and groups it into a single master repository (Logical Evidence File). This component provides the ability to do further filtering (i.e., culling) in creating the Master LEF using the same rich set of search criteria that were used in the collection. In addition to secondary culling and consolidating data into a single data set, the software performs de-duplication of identical entries. The Master LEF will be used as input into the attorney review platform. The processing abilities apply to both files and emails.

  • Perform secondary culling and the creation of a single set of responsive data.
  • Globally deduplicate across an entire collection or deduplicate on a custodian level.
  • View the collected data in its native file format.
  • Perform an automated file signature analysis.
  • Perform secondary culling and deduplicating of emails.
  • Extracted email messages can be stored in an LEF, a PST file (if a PST was the original source), an NSF file (if an NSF was the source) or MSG files.

3.) Case Screening Report (Identification)
Provides a quick file type assessment of a sampling of custodians to assist in defining search criteria for primary and secondary culling. It gathers file extension metrics on the files on a previewed drive or evidence file and generates an Excel report with summary results. This can be used to quickly deliver up-front metrics on the scope of the collection to help with tuning the search criteria. Also, when run during the various stages of the eDiscovery process, it allows the user to get file metrics on the data they’ve gathered to that point.

4.) Review Platform Exporting
Exports the Master LEF to the local file system or file server, creating a Concordance load file and a Concordance Database. Also provides an option to simply create the Concordance load file, which is useful for integration with other leading review platforms, as it can either be directly imported or easily converted. The three export methods are:

  • Export data to a review platform via the EnCase Virtual File System (VFS), which allows the user to take a set of responsive data and expose it to a review platform for importing.
  • Export to local file system creating a Concordance load file. Many review platforms can convert a Concordance load file, which allows easy transfer of data.
  • Export to the Concordance review platform by creating a Concordance eDiscovery database, load file and exporting files to a local file system or a file server.

5.) Enterprise Compliance Enforcement
During an Enterprise search, provides the ability to additionally wipe the files that meet the specified search criteria.

  • Provides the ability to reveal exposed confidential information in an Enterprise and automatically delete the responsive hits, first saving them in a Logical Evidence File for evidentiary purposes.
  • Provides the ability to audit record management programs and policies. Automatically delete the responsive hits while first saving them in an LEF for later use.
  • Provides the ability to migrate data to archives via the Virtual File System (VFS), which mounts the responsive data as a shared drive.
  • The entire contents of the responsive files can be saved in the LEF, or just the filenames and original locations can be saved in the LEF.

6.) Administration (Logs and Database)
The eDiscovery Suite maintains a strict digital chain of custody during the discovery process to ensure a defensible process and compliance with the federal rules pertaining to electronic discovery.

  • SAFE Logging: The SAFE logs EnCase user information and actions as a method of tracking the high-level collection activities.
  • Custodian Logs: For each custodian collected from, there is an independent session log that lists user information (who performed the collection), time of collection, every file that was scanned and which ones were collected.
  • Processing Logs: During the processing phase, where multiple LEFs are consolidated into a single Master LEF, a deduplication report is created which lists all the files that were consolidated and information about duplicates.
  • Database Logging: The eDiscovery database provides an elegant reporting interface that shows progress of the collection (e.g., number of machines collected, percent complete), collection metrics (e.g., files collected/scanned, gigabytes collected/scanned) and the average scan time for a device.

EnCase Preconfigured Appliance Solutions


Gather file extension analysis to cull your search criteria and shorten scan times.

Apply Entry Conditions, Keywords, and/or Matching Files to your search criteria. GUID feature locks search criteria to enforce integrity of your searches.

© 2002-2007 Guidance Software, Inc. All Rights Reserved.