EnCase Enterprise   

Brochures:
Encase® Enterprise for Corporations(PDF)
Encase® In Action(PDF)
Encase® Bit9 Analyzer(PDF)
Webinars:
Building an Investigative Infrastructure to Solve Critical Business Problems

Forensics as a critical component to incident response

Using Forensics to Protect IP and Customer Data Proactively

Using Forensics to Comply with New Federal Rules of EnCase eDiscovery

Whitepapers:

Inside EnCase Enterprise: Review of Security Schema (PDF)

Evidentiary Authentication within the EnCase Enterprise Process (PDF)

Computer Hardware Recommendations for EnCase Forensic and EnCase Enterprise (PDF)

Digital Privacy Considerations with the Introduction of EnCase® Enterprise (PDF)

CLICK HERE TO SEE ALL WHITEPAPERS

 
Skip Navigation Links
> products and servicesExpand > products and services
Skip Navigation Links
> companyExpand > company
Skip Navigation Links
> resourcesExpand > resources
Skip Navigation Links
> contact supportExpand > contact support
Skip Navigation Links
> support portal
  
EnCase eDiscovery EnCase Information Assurance EnCase Data Audit & Policy Enforcement Modules Hardware

Home > EnCase® Enterprise Home > How it Works

How EnCase® Enterprise Works

Encase® Enterprise works by combining five components (the Examiner, the SAFE, the Servlet, the Enterprise Connection and the incident response capability (Snapshot) into one overall system that delivers an enterprise-class, investigative infrastructure. This single tool integrates seamlessly with your existing systems to give you immediate access to comprehensive information on computers across the entire network in a secure fashion. In addition to complete network transparency, EnCase® Enterprise also enables you to remediate any security event as it is identified.

EnCase® Enterprise Components

The EnCase® Enterprise investigative platform consists of five components, including the SAFE, Examiner, Servlet, Enterprise Connections and Incident Response (Snapshot) capability.

The SAFE (Secure Authentication For EnCase)
A server used to authenticate users, administer access rights, retain logs of EnCase® transactions, broker communications and provide for secure data transmission. The SAFE communicates with Examiners and target nodes using 128 bit AES encrypted data streams to protect inter-component communication.

The Enterprise Examiner
Software installed on a computer where authorized investigators perform incident response, investigations and audits on designated systems. This software leverages the robust functionality of the world's standard in investigative enforcement, EnCase® Forensic, with network-enhanced capabilities for security, administration and enterprise investigations.

Servlet
A nonintrusive, auto-updating, passive software agent that is installed on workstations and servers for anytime protection. Connectivity is established between the SAFE, the Servlet and the Examiner to analyze and acquire devices that have the Servlet installed. The Servlet has special stealth capabilities for the most challenging environments. Servlets run on the following operating systems: All Windows operating systems, Linux kernel 2.4 and above, Solaris 8/9 both 32 & 64 bit, Mac OSX and AIX.

Enterprise Connection
A secure virtual connection that is established between the Examiner and target machines. The number of concurrent connections controls the number of machines that can be analyzed simultaneously.

Incident Response Analysis (Snapshot)
Snapshot quickly captures volatile data, providing detailed information on what was occurring on a system at a given point in time.

 
 

© 2002-2008 Guidance Software, Inc. All Rights Reserved.
Privacy Statement | Historical Information | Contact Us | Careers | Mailing List | Resellers