EnCase Enterprise   

Brochures:
Security Infrastructure Complement Guide(PDF)
Webinars:
Enterprise Investigative Infrastructure Part 1: Fraud Detection & Mitigation

Enterprise Investigative Infrastructure Part 2: Incident Response

Enterprise Investigative Infrastructure Part 3: eDiscovery
Whitepapers:

EnCase Enterprise Detailed Product Description (PDF)

Inside EnCase Enterprise: Review of Security Schema (PDF)

Comments on NIST Test Results for EnCase Enterprise 3.20 (PDF)

Evidentiary Authentication within the EnCase Enterprise Process (PDF)

Digital Privacy Considerations with the Introduction of EnCase® Enterprise (PDF)

CLICK HERE TO SEE ALL WHITEPAPERS

 
   
Untitled Page > products and services   > company   > resources   > support   > message boards
Automated IR Suite eDiscovery Suite IA Suite Modules Hardware

Home > EnCase Enterprise Home > How it Works

How EnCase® Enterprise Works

Encase Enterprise works by combining five components (the Examiner, the SAFE, the Servlet, the Enterprise Connection and the incident response capability (Snapshot) into one overall system that delivers an enterprise-class, investigative infrastructure. This single tool integrates seamlessly with your existing systems to give you immediate access to comprehensive information on computers across the entire network in a secure fashion. In addition to complete network transparency, EnCase Enterprise also enables you to remediate any security event as it is identified.

EnCase Enterprise Components

The EnCase Enterprise investigative platform consists of five components, including the SAFE, Examiner, Servlet, Enterprise Connections and Incident Response (Snapshot) capability.

The SAFE (Secure Authentication For EnCase)
A server used to authenticate users, administer access rights, retain logs of EnCase transactions, broker communications and provide for secure data transmission. The SAFE communicates with Examiners and target nodes using 128 bit AES encrypted data streams to protect inter-component communication.

The Enterprise Examiner
Software installed on a computer where authorized investigators perform incident response, investigations and audits on designated systems. This software leverages the robust functionality of the world's standard in investigative enforcement, EnCase Forensic, with network-enhanced capabilities for security, administration and enterprise investigations.

Servlet
A nonintrusive, auto-updating, passive software agent that is installed on workstations and servers for anytime protection. Connectivity is established between the SAFE, the Servlet and the Examiner to analyze and acquire devices that have the Servlet installed. The Servlet has special stealth capabilities for the most challenging environments. Servlets run on the following operating systems: All Windows operating systems, Linux kernel 2.4 and above, Solaris 8/9 both 32 & 64 bit, Mac OSX and AIX.

Enterprise Connection
A secure virtual connection that is established between the Examiner and target machines. The number of concurrent connections controls the number of machines that can be analyzed simultaneously.

Incident Response Analysis (Snapshot)
Snapshot quickly captures volatile data, providing detailed information on what was occurring on a system at a given point in time.

 

 

 
 

 

 

 

© 2002-2007 Guidance Software, Inc. All Rights Reserved.
Privacy Statement | Historical Information | Contact Us | Careers | Mailing List | Resellers