论版本变化速度,AD绝对首屈一指,从FTK 4到现在的FTK 5也不过两年多时间,EnCase近期(初步预计8月初)将推出V7的新版本7.08,下面是一些新功能:

Evidence Processor Manager
Evidence Processor Manager allows for distribution and control of evidence processing for one or more EnCase Examiners or EnCase Processors. Every license of EnCase Forensic comes with an additional dongle for an EnCase Processor node. This allows the investigator to process on one machine, while examining on another. With Evidence Processor Manager, investigators will be able to distribute, prioritize and control processing within farms of EnCase Processors.

SAFE Configuration Package
Have you ever needed to migrate a SAFE from one environment to another? (e.g. for disaster recovery/planning) It's possible, but can be time consuming to migrate keys, user accounts, roles and permissions from one SAFE to another. We're simplifying this process through creation of a SAFE configuration package. This package exports the entire configuration of the SAFE and may be used to configure another SAFE for everything except for the machine specific setup.

Decryption Support Updates
Support for decryption (with credentials) of the following products will be updated:

  • McAfee Endpoint Encryption v7
  • Sophos Safeguard Enterprise and Easy v6
  • Check Point Full Disk Encryption for PC v8
  • Check Point Full Disk Encryption for Mac v3
  • OS X FileVault 128-AES

Windows ReFS Support
EnCase will parse and investigate devices using Windows Resilient File System (ReFS).

Solaris Volume Manager Support
EnCase will reconstruct logical volumes created with Solaris Volume Manager (SVM).

File Carver Enhancements
Several enhancements have been made to the File Carver module to improve the quality of carved results. In particular, JPEG images will be carved more comprehensively, with less reliance on default file types and sizes. Carved files will also be named with more information on the file itself, and the physical offset of where the file was carved from.

Evidence Processor Workflow Improvements
File Signature Analysis will no longer be required. 
Recover Folders will be capable of being run on initial processing or subsequent processing.

Hash Set Management Improvements
EnCase will allow investigators to view contents, search, and delete items from Hash Sets.

OS X Disk Image Format Support
Improving on our existing OS X investigation capabilities has been a priority for EnCase over the past 12 months. We are continuing these efforts with adding support for:

  • DMG, Sparse DMG and Sparse Bundles
  • Support BZIP and ADC compression for DMG images

Usability Improvements
We've been absorbing feedback from the v7 User's Group and are rolling out enhancements driven directly by you:

    • Adding columns to Bookmarks and Search views (description, unique offset, received, sent, URL host, TruePath, HasAttachments...+more)
    • Create LEFs from Results view
    • Hot keys for Tags
    • Improved handling/representation of alternate body email attachments

[DFNews] What's coming in EnCase 7.08?的更多相关文章

  1. [DFNews] EnCase v7.08发布

    EnCase v7.08 近日正式发布,7.08增加了Evidence Processor Manager以及Evidence Processor,不仅可以在本地实现证据处理队列,也支持了通过网络进行 ...

  2. [DFNews] EnCase 更新至 v7.10

    有加密狗的可以注册接收邮件下载 暂时只有英文版 前几天讲课还说到,EnCase的Template倒是好,但是稍微改一下Case Template自带的Bookmark结构,那么Report就看不到了, ...

  3. iOS系列 基础篇 08 文本与键盘

    iOS系列 基础篇 08 文本与键盘 目录: 1. 扯扯犊子 2. TextField 3. TextView 4. 键盘的打开和关闭 5. 打开/关闭键盘的通知 6. 键盘的种类 7. 最后再扯两句 ...

  4. javaEE基础08

    javaEE基础08 一.继承 特点:继承父类的属性和方法,单继承(多继承) 特性:方法的复写(重写) 比如:人可以养狗 人------>狗:整体和部分(拥有)关系 关键字:extends 结构 ...

  5. 【玩转单片机系列001】 08接口双色LED显示屏驱动方式探索

    前些日子,从淘宝上购得一块08接口的双色LED显示屏(打算做个音乐频谱显示器),捣鼓了好几天,终于搞清楚了其控制原理,在这里做个总结,算是备忘吧. 1.LED显示屏的扫描方式 LED显示屏的扫描方式有 ...

  6. 《HelloGitHub月刊》第08期

    <HelloGitHub>第08期 兴趣是最好的老师,<HelloGitHub>就是帮你找到兴趣! 简介 最开始我只是想把自己在浏览GitHub过程中,发现的有意思.高质量.容 ...

  7. Spring Security(08)——intercept-url配置

    http://elim.iteye.com/blog/2161056 Spring Security(08)--intercept-url配置 博客分类: spring Security Spring ...

  8. 【博客美化】08.添加"扩大/缩小浏览区域大小" 按钮

    博客园美化相关文章目录: [博客美化]01.推荐和反对炫酷样式 [博客美化]02.公告栏显示个性化时间 [博客美化]03.分享按钮 [博客美化]04.自定义地址栏logo [博客美化]05.添加Git ...

  9. JavaScript学习08 Cookie对象

    JavaScript学习08 Cookie对象 JavaScript Cookie Cookie对象: Cookie是一种以文件的形式保存在客户端硬盘的Cookies文件夹中的用户数据信息(Cooki ...

随机推荐

  1. POJ 2226 最小点覆盖(经典建图)

    Muddy Fields Time Limit: 1000MS   Memory Limit: 65536K Total Submissions: 8881   Accepted: 3300 Desc ...

  2. build.xml详解

    build.xml详解1.<project>标签每个构建文件对应一个项目.<project>标签时构建文件的根标签.它可以有多个内在属性,就如代码中所示,其各个属性的含义分别如 ...

  3. [vijos P1180] 选课

    这一周竟然都没好好码题目,不过至少把这题的树形DP给摸了个大概.吐槽一下自己,递归已经基本不会用了…QAQ!按老师的话来说“太危险了!” 此题用到多叉树转二叉树,左孩子是真正意义的孩子(先修完自己才能 ...

  4. c/c++面试题(3)strcat/strcmp/strlen/strcpy的实现

    1.编写一个函数实现strlen以及strcpy函数. strcpy函数. 后面的字符串拷贝到一个字符数组中,要求拷贝好的字符串在字符数组的首 地址,并且只拷贝到'\0'的位置.原型是 char* m ...

  5. 性能测试报告的指标选择、数据选择和分析的参考【以Apache AB test为例】

    前几天尝试用loadrunner初试了一下性能测试,对于如何选择数据.生成数据后如何分析很是迷惑,刚刚翻看一篇网友的博客,很有条理,特此记录一下,以供参考 转自: http://liriguang.i ...

  6. goldengate 12.2中通过restful查看OGG状态

    安装ogg 12.2之后 GGSCI>create datestore 然后重启mgr 和其它进程, 通过浏览器http://ogg-server-ip:mgr-port/groups 可以看到 ...

  7. 使用PHP处理文本小技巧

    PHP的Cli模式使用:http://www.php.net/manual/zh/features.commandline.php PHP命令行部分参数:-B     在处理 stdin 之前先执行 ...

  8. I.MX6 eMMC 添加分区

    /********************************************************************************* * I.MX6 eMMC 添加分区 ...

  9. (实用篇)jQuery+PHP+MySQL实现二级联动下拉菜单

    二级联动下拉菜单选择应用在在很多地方,比如说省市下拉联动,商品大小类下拉选择联动.本文将通过实例讲解使用jQuery+PHP+MySQL来实现大小分类二级下拉联动效果. 先看下效果 大类:  前端技术 ...

  10. (实用篇)PHP中unset,array_splice删除数组中元素的区别

    php中删除数组元素是非常的简单的,但有时删除数组需要对索引进行一些排序要求我们会使用到相关的函数,这里我们来介绍使用unset,array_splice删除数组中的元素区别吧 如果要在某个数组中删除 ...