This software is a powerful network-enabled, multiplatform enterprise investigation solution that dramatically reduces the cost and improves the effectiveness of information security professionals, Computer Incident Response Teams (CIRTs), eDiscovery auditors, and forensic examiners. EnCase Enterprise enables analysts to reach across the enterprise and respond to security incidents, proactively investigate issues of fraud, conduct forensics investigations, automate eDiscovery operations, or perform network and software audits. Without EnCase Enterprise, organizations must resort to cumbersome and inefficient manual processes using stand-alone utilities. These can extend the response and investigation process by several days if not weeks, and require target systems to be taken out of service.
Key Features & Benefits: An enterprise investigation solution that provides a scalable integrated platform to immediately respond and thoroughly investigate computer related incidents. Immediate response to incidents with no system downtime. Reduced response time can limit incident impact. Capture and analyze volatile data including active network sessions, live registry, open files and running processes. Adds intelligence to IDS and SIM alerts by capturing volatile data in real-time as the event is happening. A single tool for investigation and analysis of multiple platforms: Windows, Linux and Solaris. Ability to identify and remediate windows based Rootkits. Securely investigate/analyze machines over the LAN/WAN. Investigate and analyze many machines simultaneously at a disk level. Ability to find information despite efforts to hide, cloak, or delete. Discretely carryout investigations without alerting target. Acquire & preserve data in a forensically sound (court accepted) fashion. Ability to transfer evidence files directly to law enforcement or legal representatives as necessary. Efficient indentification, effective capture of information upon eDiscovery request. Proactively audit groups of machines for sensitive or classified information. Audit large groups of machines for unauthorized processes and network connections. Audit machines for zero day events. Ability to remediate or stop security events as they are identified where ever they are taking place.
Users: Enterprises
Guidance Software, Inc.
215 North Marengo Ave.
Pasadena, CA 91101 USA
Tel: (626) 229-9191
Fax: (626) 229-9199
www.guidancesoftware.com
