At CEIC, Guidance announced their two latest products, one of which was EnCase Portable.
Aside from a few vague details, we were given very little information about this new product, but the Guidance website has now been updated to provide some additional information and a new YouTube video has also been posted.
Starting with the information from the Guidance website, we can see that the EnCase Portable kit includes:
- 4GB USB drive with EnCase Portable preinstalled
- 16GB drive for additional storage
- 4 port USB hub
- EnCase Portable security key
- User guide
- EnCase Portable installation CD
- Carrying Case
Guidance also states key benefits and features on its website:
- Police, civilian investigators and parole officers can acquire data without requiring an onsite forensic expert
- Military and other government personnel can quickly and accurately collect data during covert operations
- Corporate IT or law firm personnel can acquire information at any location for eDiscovery or corporate investigations purposes
- Plug in and collect data immediately
- Enable novice computer users to be data collectors in a matter of minutes
- Acquire data anywhere with EnCase Portable’s pocket-sized kit
- Search and collect cyber-intelligence without leaving a trace
- Store collected data in the forensically sound, court-validated EnCase® Logical Evidence File format
- Capture data from running or powered-off systems
- Customize search and collection jobs to create and configure more complex search criteria
- Easily install EnCase Portable on any USB drive
These details obviously raise more questions than they answer, and I’m sure that Guidance will reveal more details as the release becomes imminent.
The YouTube video, on the other hand, provides quite a lot in terms of answers. The video can be found here. The video shows the contents of EnCase Portable and some of the potential capabilities of the software.
As noted in the video, the software boots into what appears to be a live Windows environment and is capable of performing the following:
- Collect Internet Artifacts
- Collect Windows Event Logs
- Collect all Word Documents
- Collect all Images
- All PST
- All MPG
- Collect all Archive Files
- Capture Registry
- Collect EXE Files
- Collect all Email Archives
- Collect Mail Archives
- Collect TEMP Files
Given that some of this information is quite repetitive and/or ambiguous (such as ‘Collect all Images’), I suspect that users will be able to preconfigure the software to capture whatever data they wish. They then select the required options and capture that data to the relevant device in an EnCase logical evidence file. It appears quite simple and straightforward. Once I’m able to see one of these things up close I’ll give a more in-depth review.