Release 16 EP6 - What's New in EnCase & Tableau

What’s New in EnCase and
Tableau

OpenText Confidential. ©2019 All Rights Reserved. 2
Recent Releases
EnCase™ Forensic Tableau Hardware
EnCase™ Endpoint Investigator EnCase™ Endpoint Security
Forensic
Security

Forensic
The industry gold standard for
scanning, searching, collecting and
securing forensic data for internal
investigations and law enforcement

• Forensically sound acquisition of
evidence
• Deep forensic analysis
• Broad OS support
• Unmatched decryption
• Powerful evidence processing
• Mobile collection for 27,000+ profiles
• Flexible reporting options
• Court proven
Key benefits of EnCase Forensic

• Offering the broadest support of operating and file systems, artifacts and encryption types,
EnCase Forensic enables the investigator to provide conclusive results with a detailed
analysis of findings
• Supports APFS (Apple File System), helping investigators conduct targeted data collections
from APFS and send the output as an EnCase logical evidence file
• The enhanced indexing engine processes data quickly, helping organizations and government
agencies save costs by resolving incidents faster than ever
• EnCase offers industry leading training and certification (EnCE)
• No other solution offers the same level of functionality, flexibility or track record of court
acceptance. EnCase Forensic has been cited in thousands of court cases
Key differentiators of EnCase Forensic

What’s new in EnCase Forensic 8.09
● EnCase processor auditing and logging capabilities
✦ Monitor and track progress of your case in Encase
✦ Read logs in a text file, or a logging platform such as Splunk or Kibana
✦ More streamlined workflow
✦ Improved efficiency
● Checkpoint Encryption support
✦ Added Checkpoint Encryption support
✦ Ability to efficiently parse through evidence without reliance on third part tools to decrypt
● E-mail artifacts
✦ Support for the PST artifacts for Outlook 2013, 2016, and Office 365
✦ Ability to parse through different artifacts such as emails, calendar entries, contacts etc.
● Internet artifacts
✦ Ability to parse through artifacts in Firefox up to version 62

Voted by the forensic community
Unprecedented wins for 10 years in a row!
Best Forensic Solution for 10 years in a row!
2019 Encase
2018 Encase
2017 Encase
2016 Encase
2015 Encase
2014 Encase
2013 Encase
2012 Encase
2011 Encase
2010 Encase

Recent Releases
EnCase™ Forensic
Tableau Hardware
EnCase™ Endpoint Investigator EnCase™ Endpoint Security
Forensic
Security

Built for use both in the field and in
the lab, Tableau hardware meets
the critical needs of the digital
forensic community worldwide by
solving the challenges of forensic
data acquisition
Tableau Hardware

Most comprehensive forensic hardware product line
Software Utilities
Extends the hardware
value through
complementary
software applications.
Forensic Bridges
Reliable, hardware-
based write-blocked
access to digital media
in portable and
integrated form factors.
Forensic Imagers
Standalone, high-
performant forensic
imaging and triage of
physical media and
network shares.
Password
Recovery
Accelerates brute-
force password attack
performance through
custom hardware in
collaboration with
Passware and
EnCase.
Accessories
Custom-designed
adapters and cables
enable acquisition of
numerous media
types.

What’s new in Tableau Hardware
● Save and manage logical image search sets on
Tableau Forensic Imager (TX1)
✦ Ability to customize, name, and save logical imaging search
parameters for reuse
✦ Saves time and improves efficiency
● Secure device access on TX1
✦ Addition of a lock screen with PIN code
✦ Provides forensic examiners the ability to lock their screen while
they are away from the device
● Display list of CIFS shares on server with TX1
✦ Enhanced mounting of network shares is now available, using
CIFS (Common Internet File System) or iSCSI (Internet Small
Computer Systems Interface) as Source or Destination
Tableau Forensic Imager (TX1)

What’s new in Tableau Hardware
● Two new Tableau drive adapters
mSATA / M.2 SATA SSD PCIe U.2 SSD adapter

Recent Releases
EnCase™ Forensic Tableau Hardware
EnCase™ Endpoint
Investigator
EnCase™ Endpoint Security
Forensic
Security

Endpoint Investigator
The most powerful and efficient
solution for corporations and
government agencies to perform
remote, discreet and secure internal
investigations without disrupting
employee productivity or day-to-day
operations.

Differentiated features
● Kernel-level agent-based access across the widest range of files
and OS – now allowing for offline collection
● Templates and workflows for most common investigative tasks
● Roles and permissions to ensure authorized access to endpoints
● Complete access to disk, memory, and email

Key benefits
● Discreet, off-the-network collection capability
● Broad OS support across various devices
● Remote device access across geographies
● Forensically sound collection

Investigate everywhere with the most supported digital
investigations solution available
What’s New in v8.09 • Splunk integration – logging and auditing
• Microsoft PST 2013, 2016, 365 support
• Firefox artifact update
• Linux ram and process acquisition
• McAfee EPO support
EnCase

Investigate Everywhere.
Any OS | Any Repository | Any Cloud Source
Avoid investigation roadblocks with the most supported
digital investigation solution available
OpenText EnCase Endpoint Investigator

EnCase™ Forensic
Recent Releases
Tableau™ Hardware
EnCase™ Endpoint Investigator
EnCase™ Endpoint Security
Forensic
Security

Endpoint Security
The most complete threat detection
and response solution—eliminating
the time it takes to detect, validate,
triage, investigate, and remediate
known and unknown threats lurking
across the enterprise, unseen by
perimeter and network solutions.

Detect sooner
• Expose unknown risks or threats with behavioral and anomaly-based
detection
• Endpoint acts as the last line of defense for detecting threats missed by
other security tools
• Reduce the time to discover a compromise
Respond faster
• Increase efficiency and ROI with on-demand and automated response
• Reduce the total time and costs of response
• 89% reduction in time to triage and validate alerts, events and threats
Recover effectively
• Surgically remediate a threat completely reducing time to recovery by
90%
• Eliminating wipe and reimage process and gain an increase in uptime by
98% for affected devices with no loss of productivity
• Accurately asses impact to sensitive data and clean up data spillage
ENDPOINT
DETECTION &
RESPONSE
Close the security gap with
proactive threat detection, alert
triage and incident response

Who Uses EnCase Endpoint Security?

Endpoint Security
EnCase Endpoint
Security Dashboards help
security teams quickly
prioritize alerts and make
evidence-based decisions
to investigate or
remediate threats.

Advanced Threat
Detection
Forensic-grade
Response
Endpoint Security 6.
What’s New in v6.06
● Continuous endpoint
monitoring, at scale
● Endpoint isolation &
containment
● Plus general user
improvements, including:
- Targeted deployment
- Endpoint health status
- Memory acquisition

Scans Every Five Minutes
All endpoints with the enhanced
agent will take snapshots at five
minute intervals, regardless of the
frequency set in the wizard. The
metadata collected will be run
against the anomaly filters
deployed to that endpoint.
Targeted Anomaly Detection
The enhanced agent is not
designed for telemetry. It is built
specifically to alert analysts to
anomalous behavior on those
endpoints where it’s been
deployed. This allows for scalability
and limits alert fatigue, making it a
valuable, efficient threat detection
solution.
A Truly Active Agent
The enhanced agent for Endpoint
Security is not designed for one-off
use cases. It is an active agent that
once deployed, continues to work
around the clock to detect
anomalies, both online and off. The
enhanced agent only rests if an
anomaly is detected.
The Enhanced Agent & Endpoint Security

• Earlier detection for anomalies indicative of a security
breach
• Faster response to malicious activity – reducing triage time
by up to 90%
• More efficient recovery from security incidents by
approximately 77%
• Greater visibility via continuous monitoring of endpoints
Key benefits Endpoint Security

Thank You
Questions?
encase@opentext.com

Release 16 EP6 - What's New in EnCase & Tableau

More Related Content

What's hot (20)

Similar to Release 16 EP6 - What's New in EnCase & Tableau (20)

More from OpenText (20)

Recently uploaded (20)

Release 16 EP6 - What's New in EnCase & Tableau

Editor's Notes