EnCase Cybersecurity
May 18, 2009 by Lee Whitfield
Filed under News
Another new product from Guidance. Note the irony given the breach that Guidance suffered a couple of years back.
Guidance Software Announces New EnCase(R) Cybersecurity Solution With Adaptive Technology to Proactively Combat Malware
Offers government agencies leap-ahead technology to combat ever-changing malware landscape
PASADENA, Calif., May 18, 2009 (BUSINESS WIRE) — Guidance Software Inc. (NASDAQ:GUID), the World Leader in Digital Investigations(TM), today announced EnCase(R) Cybersecurity, a comprehensive solution designed for computer network defense, incident response and counterintelligence. As government agencies around the world put defense against cyber attacks at the top of their security operations, EnCase Cybersecurity enables them to dynamically adapt to unknown malicious code and proactively identify network threats 24/7 in any cyber environment.
EnCase Cybersecurity provides robust endpoint attack sensing and mitigation across the enterprise. Using advanced threat and memory analytics, agencies can quickly identify computer systems at risk and provide both behavioral and deep code analysis on suspicious processes or binaries. As a threat is identified and zero day code is exposed, users can scan the network from a central console and remediate the threat from host computers without operational disruption. Employing a patent-pending technology, EnCase Cybersecurity enables agencies to fight the polymorphic and metamorphic code problem by determining if new binaries share a code base with previously attributed code. Unlike other fuzzy hashing approaches, EnCase Cybersecurity technology provides rapid on-the-fly assessment of malware across the enterprise, without requiring an organization to possess the source files of known malware past the initial point of infection.
“Until now, there has not been an enterprise protection solution to help agencies proactively identify unknown threats on the network before sensitive data becomes compromised,” said Victor Limongelli, President and CEO of Guidance Software. “EnCase Cybersecurity facilitates the shift from a reactive to proactive approach–enabling agencies to zero in on potential threats, completely recover computers from malicious code infiltration, and drastically reduce recovery costs.”
“Protected U.S. government networks have fallen prey to an alarming array of attacks in recent months. For contractors like Guidance Software, this is a critical time to support government agencies at a tactical level to meet threats headfirst as they try to gain control of the cyber-crisis,” said Kate Naunheim, Senior Analyst, Federal Opportunities at market intelligence research and consulting firm, INPUT.
Guidance Software has partnered with other leading technology vendors to bolster the value of EnCase Cybersecurity. By integrating with the Bit9 Global Software Registry, users can augment their own collection of trusted binaries with Bit9’s immense database of known good and bad binaries for comparison with their findings to reduce the time necessary for proactive audits and incident resolution. Furthermore, through integration with HBGary Responder Pro, users have access to powerful memory analytics.
Guidance Software is the only vendor in the enterprise investigation space holding DIACAP, Common Criteria EAL-2 and FIPS 140-2 certifications, assuring agencies that the solution is stringently secure. In addition, EnCase Cybersecurity is built upon forensically-sound technology, ensuring proper chain of custody should data be required as evidence in court proceedings.
EnCase Cybersecurity is expected to be available in the third quarter 2009.
About Guidance Software (GUID)
Guidance Software is recognized worldwide as the industry leader in digital investigative solutions. Its EnCase(R) platform provides the foundation for government, corporate and law enforcement organizations to conduct thorough, network-enabled, and court-validated computer investigations of any kind, such as responding to eDiscovery requests, conducting internal investigations, responding to regulatory inquiries or performing data and compliance auditing – all while maintaining the integrity of the data. There are more than 30,000 licensed users of the EnCase technology worldwide, and thousands attend Guidance Software’s renowned training programs annually. Validated by numerous courts, corporate legal departments, government agencies and law enforcement organizations worldwide, EnCase has been honored with industry awards and recognition from eWEEK, SC Magazine, Network Computing, and the Socha-Gelbmann survey. For more information about Guidance Software, visit www.guidancesoftware.com.
GUID-F
SOURCE: Guidance Software Inc.
EnCase Portable
May 18, 2009 by Lee Whitfield
Filed under News
The following press release just appeared in my email inbox. Not many details yet, but I’m sure we’ll get them soon.
Guidance Software Opens Up Exciting New Possibilities in Data Acquisition with Groundbreaking EnCase(R) Portable Solution
Dramatically Increases Data Acquisition Flexibility and Enables a Wider Range of Personnel to Easily Collect Evidence in the Field
PASADENA, Calif., May 18, 2009 (BUSINESS WIRE) — Guidance Software Inc. (NASDAQ:GUID), the World Leader in Digital Investigations(TM), today announced EnCase Portable(R), a groundbreaking new data acquisition solution on a USB drive that enables law enforcement, government, law firm and corporate customers to leverage the powerful search and acquisition capabilities of EnCase(R) in a wide range of field applications.
Unlike existing computer forensics solutions, EnCase Portable runs on a USB drive, rather than a laptop, and enables the user to easily and rapidly boot a target computer to the USB drive, and run a pre-configured data search and collection job. The ease-of-use and ultra-portability of EnCase Portable creates exciting new possibilities in data acquisition. Even personnel untrained in computer forensics can forensically acquire documents, Internet history and artifacts, images, and other digital evidence, including entire hard drives, with a few simple keyboard clicks.
EnCase Portable can be used in a wide range of applications, including:
- Law Enforcement: enables police and civilian investigators to forensically acquire data without an onsite forensic expert
- Government: enables personnel in the field to quickly and accurately collect data from computers and conduct covert operations
- Corporations and Law Firms: enables enterprise IT or law firm paralegals to forensically acquire information from corporate computers for eDiscovery or corporate investigations
“EnCase Portable represents ‘EnCase for Everyone’ – it is a force multiplier for law enforcement, government agencies, law firms, and corporations. It is easy to use, fast and preserves digital evidence in the court-vetted evidence file format for which EnCase is known,” said Victor Limongelli, President and CEO of Guidance Software. “EnCase Portable further demonstrates Guidance Software’s continued commitment to innovation and highlights our ability to extend the EnCase platform to new products for customers across a wide range of industries.”
EnCase Portable is expected to ship on a 4GB USB drive, but can also be used on larger USB devices if required; with the use of a USB hub, data can be stored on a USB drive or on other media, such as external hard drives. The product is expected to be available in the third quarter 2009.
Photos/Multimedia Gallery Available: http://www.businesswire.com/cgi-bin/mmg.cgi?eid=5967243&lang=en
SOURCE: Guidance Software Inc.
The Changing Face of Phone Forensics
May 8, 2009 by Simon Whitfield
Filed under Methodologies & Best Practices
My current position at work is that of supervisor of anything and everything associated with the forensic examination of mobile phones (cell phones to those on the other side of the Atlantic). This has, over the past two years, been a part of my work, but has recently become pretty much all of it.
Lee, who as listeners will know, works next to me, has often commented jokingly to our phone examiners that they are involved in “play forensics” and that they would someday graduate to “real forensics” in examining computers and disk images. Everyone has found such comments amusing and taken them well, but the past few weeks have made me consider the forensic examination of mobile phones.
It may have been the case a year or two ago that mobile phone forensics was not as in-depth, complicated or interesting as computer forensics, but I don’t think that is really the case anymore.
With the advent of the Apple iPhone, the Nokia N95 (and other Symbian v9 based devices) and the wider acceptance of new HTC handsets like the Touch Diamond, the G1 and the Touch HD, mobile phone examinations are now considerably more complex.
Even if these phones are discounted, the average storage and capabilities of phones have been increasing. In the past two years I’ve seen the average size of a phone examination (what we archive following completion of the job) increase from 50-150 megabytes to more than half a gigabyte. That doesn’t sound like much, but when you consider the bulk of phones are still the smaller, older phones, this means anything newer has an average content size of a gigabyte or more, especially when considering the memory card. New HTC handsets (such as the Touch HD for example) can accept MicroSDHC cards up to 32GB.
Phone forensic examinations used to consist of extracting all handset data and providing the client with it. This will have to change to include an in-depth analysis when an examiner considers and requires more specific case requirements when larger, more complex handsets are to be examined.
My first mobile phone could make and receive calls, send and receive SMS messages, and unusually for the time, access WAP content. “Smartphones” can do anything from word processing to accessing full web pages and uploading and downloading video via YouTube, reading ebooks and uploading content directly to the likes of Facebook, Bebo and MySpace. Anyone not up-to-date on these mobile devices will eventually miss something that would have strengthened a case.
While the basics remain the same, standard mobile phone content may be the same, but the way it is stored is changing. SMS messages can be stored on memory cards on a number of handsets. When you think of the size of commercially available memory cards (as previously mentioned), the amount of messages that can be stored in this manner is massive. If a handset is examined and the memory card is not treated correctly, this kind of content can easily be missed.
With the ever-increasing array of mobile software or “apps”, it is becoming possible to do almost anything with a new mobile device. When you consider Java applications and the number of handsets that support them, this encompasses an almost unlimited number of handsets.
I think there is little doubt that the gulf between PC and phone examinations has become a line that is becoming smaller and smaller. As phone forensics establishes itself more, and as more handsets are released with more features, we will soon see the day where forensic examinations of any device will be treated in the same way as computers and other similar media. I think phone forensics itself has graduated, and is now as much a part of digital forensics as any work that can be undertaken on a PC.
Episode 15 – Vacation’s Over
May 6, 2009 by Lee Whitfield
Filed under Podcast Episodes
Don’t know what happened with this episode, we just both seemed to be on a bit of a downer.
In this episode we discuss Guidance lay-offs, more fun suggestions from the UK police, and Virginia being held ransom.


