论版本变化速度,AD绝对首屈一指,从FTK 4到现在的FTK 5也不过两年多时间,EnCase近期(初步预计8月初)将推出V7的新版本7.08,下面是一些新功能:
Evidence Processor Manager
Evidence Processor Manager allows for distribution and control of evidence processing for one or more EnCase Examiners or EnCase Processors. Every license of EnCase Forensic comes with an additional dongle for an EnCase Processor node. This allows the investigator to process on one machine, while examining on another. With Evidence Processor Manager, investigators will be able to distribute, prioritize and control processing within farms of EnCase Processors.
SAFE Configuration Package
Have you ever needed to migrate a SAFE from one environment to another? (e.g. for disaster recovery/planning) It's possible, but can be time consuming to migrate keys, user accounts, roles and permissions from one SAFE to another. We're simplifying this process through creation of a SAFE configuration package. This package exports the entire configuration of the SAFE and may be used to configure another SAFE for everything except for the machine specific setup.
Decryption Support Updates
Support for decryption (with credentials) of the following products will be updated:
- McAfee Endpoint Encryption v7
- Sophos Safeguard Enterprise and Easy v6
- Check Point Full Disk Encryption for PC v8
- Check Point Full Disk Encryption for Mac v3
- OS X FileVault 128-AES
Windows ReFS Support
EnCase will parse and investigate devices using Windows Resilient File System (ReFS).
Solaris Volume Manager Support
EnCase will reconstruct logical volumes created with Solaris Volume Manager (SVM).
File Carver Enhancements
Several enhancements have been made to the File Carver module to improve the quality of carved results. In particular, JPEG images will be carved more comprehensively, with less reliance on default file types and sizes. Carved files will also be named with more information on the file itself, and the physical offset of where the file was carved from.
Evidence Processor Workflow Improvements
File Signature Analysis will no longer be required.
Recover Folders will be capable of being run on initial processing or subsequent processing.
Hash Set Management Improvements
EnCase will allow investigators to view contents, search, and delete items from Hash Sets.
OS X Disk Image Format Support
Improving on our existing OS X investigation capabilities has been a priority for EnCase over the past 12 months. We are continuing these efforts with adding support for:
- DMG, Sparse DMG and Sparse Bundles
- Support BZIP and ADC compression for DMG images
Usability Improvements
We've been absorbing feedback from the v7 User's Group and are rolling out enhancements driven directly by you:
- Adding columns to Bookmarks and Search views (description, unique offset, received, sent, URL host, TruePath, HasAttachments...+more)
- Create LEFs from Results view
- Hot keys for Tags
- Improved handling/representation of alternate body email attachments