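When it comes to the pace of version changes, AD is second to none: it took only a little over two years to go from FTK 4 to the current FTK 5. EnCase will soon (tentatively in early August) release 7.08, a new version of V7. Here are some of the new features: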

Evidence Processor Manager
Evidence Processor Manager allows for distribution and control of evidence processing for one or more EnCase Examiners or EnCase Processors. Every license of EnCase Forensic comes with an additional dongle for an EnCase Processor node. This allows the investigator to process on one machine, while examining on another. With Evidence Processor Manager, investigators will be able to distribute, prioritize and control processing within farms of EnCase Processors.

SAFE Configuration Package
Have you ever needed to migrate a SAFE from one environment to another (e.g. for disaster recovery/planning)? It's possible, but it can be time-consuming to migrate keys, user accounts, roles and permissions from one SAFE to another. We're simplifying this process through the creation of a SAFE configuration package. This package exports the entire configuration of the SAFE and may be used to configure another SAFE for everything except the machine-specific setup.

Decryption Support Updates
Support for decryption (with credentials) of the following products will be updated:

  • McAfee Endpoint Encryption v7
  • Sophos Safeguard Enterprise and Easy v6
  • Check Point Full Disk Encryption for PC v8
  • Check Point Full Disk Encryption for Mac v3
  • OS X FileVault 128-AES

Windows ReFS Support
EnCase will parse and investigate devices using Windows Resilient File System (ReFS).

Solaris Volume Manager Support
EnCase will reconstruct logical volumes created with Solaris Volume Manager (SVM).

File Carver Enhancements
Several enhancements have been made to the File Carver module to improve the quality of carved results. In particular, JPEG images will be carved more comprehensively, with less reliance on default file types and sizes. Carved files will also be named with more information on the file itself, and the physical offset of where the file was carved from.

Evidence Processor Workflow Improvements
File Signature Analysis will no longer be required. 
Recover Folders will be capable of being run on initial processing or subsequent processing.

Hash Set Management Improvements
EnCase will allow investigators to view contents, search, and delete items from Hash Sets.

OS X Disk Image Format Support
Improving on our existing OS X investigation capabilities has been a priority for EnCase over the past 12 months. We are continuing these efforts by adding support for:

  • DMG, Sparse DMG and Sparse Bundles
  • Support BZIP and ADC compression for DMG images

Usability Improvements
We've been absorbing feedback from the v7 User's Group and are rolling out enhancements driven directly by you:

  • Adding columns to Bookmarks and Search views (description, unique offset, received, sent, URL host, TruePath, HasAttachments...+more)
  • Create LEFs from Results view
  • Hot keys for Tags
  • Improved handling/representation of alternate body email attachments
