Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Rollout: Guidance Software EnCase Enterprise 6

The Upshot

Claim
Guidance has added indexing and native file viewing, functionality rivals have had for a couple of years, while bolstering the strengths that have long put EnCase in a class by itself.
Context
IT groups struggle to determine exactly what occurred during a security incident without tainting evidence. EnCase Enterprise has long claimed to be the go-to forensic-investigation and incident-response platform, but it's lacked key features, meaning IT has had to supplement. Using a cobbled-together assortment of tools is no way to run an investigation.
Credibility
With EnCase 6, Guidance addresses the needs of enterprises that want to bring forensics, incident response and e-discovery in-house. New features plus great speed in examining machines over the network make EnCase practically untouchable by current competitors.


Guidance Software EnCase Enterprise 6

Do you have a Roger Duronio in your midst? In December the former systems admin was sentenced to eight years for planting malicious code that took down nearly 2,000 servers owned by UBS PaineWebber. If you don't, you're fortunate--four in 10 respondents to the latest CSI/FBI Computer Crime and Security survey attribute more than 20 percent of their organizations' financial losses to insider attacks. The trick is tracking the suckers down.

Enter forensics software like AccessData's Forensic Toolkit, Guidance Software's EnCase and Technology Pathways' ProDiscover. Once the purview of consultants and large enterprises with specialized staffs, these tools are now finding their way into more organizations so that these companies can respond effectively to security incidents, internal HR investigations and litigation requiring e-discovery.

We've always considered EnCase Enterprise a robust, all-in-one investigative platform, and new features--including an eagerly awaited full-text indexing engine, a native file viewer, expanded e-mail support and enhanced client-server features--only enhance its rep.

EnCase Enterprise also has a reputation as being expensive. Version 6 starts at $25,000 and goes up as features, such as additional Examiners, concurrent connections and modules for e-discovery and automated incident response, are added. To put that in perspective, forensic firm K&F Consulting charges $6,000 for an initial forensic audit, and for e-discovery, you'll pay $5,000 just to store a 40 GB to 80 GB hard drive.

  • 1