论版本变化速度,AD绝对首屈一指,从FTK 4到现在的FTK 5也不过两年多时间,EnCase近期(初步预计8月初)将推出V7的新版本7.08,下面是一些新功能:

Evidence Processor Manager
Evidence Processor Manager allows for distribution and control of evidence processing for one or more EnCase Examiners or EnCase Processors. Every license of EnCase Forensic comes with an additional dongle for an EnCase Processor node. This allows the investigator to process on one machine, while examining on another. With Evidence Processor Manager, investigators will be able to distribute, prioritize and control processing within farms of EnCase Processors.

SAFE Configuration Package
Have you ever needed to migrate a SAFE from one environment to another? (e.g. for disaster recovery/planning) It's possible, but can be time consuming to migrate keys, user accounts, roles and permissions from one SAFE to another. We're simplifying this process through creation of a SAFE configuration package. This package exports the entire configuration of the SAFE and may be used to configure another SAFE for everything except for the machine specific setup.

Decryption Support Updates
Support for decryption (with credentials) of the following products will be updated:

  • McAfee Endpoint Encryption v7
  • Sophos Safeguard Enterprise and Easy v6
  • Check Point Full Disk Encryption for PC v8
  • Check Point Full Disk Encryption for Mac v3
  • OS X FileVault 128-AES

Windows ReFS Support
EnCase will parse and investigate devices using Windows Resilient File System (ReFS).

Solaris Volume Manager Support
EnCase will reconstruct logical volumes created with Solaris Volume Manager (SVM).

File Carver Enhancements
Several enhancements have been made to the File Carver module to improve the quality of carved results. In particular, JPEG images will be carved more comprehensively, with less reliance on default file types and sizes. Carved files will also be named with more information on the file itself, and the physical offset of where the file was carved from.

Evidence Processor Workflow Improvements
File Signature Analysis will no longer be required. 
Recover Folders will be capable of being run on initial processing or subsequent processing.

Hash Set Management Improvements
EnCase will allow investigators to view contents, search, and delete items from Hash Sets.

OS X Disk Image Format Support
Improving on our existing OS X investigation capabilities has been a priority for EnCase over the past 12 months. We are continuing these efforts with adding support for:

  • DMG, Sparse DMG and Sparse Bundles
  • Support BZIP and ADC compression for DMG images

Usability Improvements
We've been absorbing feedback from the v7 User's Group and are rolling out enhancements driven directly by you:

    • Adding columns to Bookmarks and Search views (description, unique offset, received, sent, URL host, TruePath, HasAttachments...+more)
    • Create LEFs from Results view
    • Hot keys for Tags
    • Improved handling/representation of alternate body email attachments

[DFNews] What's coming in EnCase 7.08?的更多相关文章

  1. [DFNews] EnCase v7.08发布

    EnCase v7.08 近日正式发布,7.08增加了Evidence Processor Manager以及Evidence Processor,不仅可以在本地实现证据处理队列,也支持了通过网络进行 ...

  2. [DFNews] EnCase 更新至 v7.10

    有加密狗的可以注册接收邮件下载 暂时只有英文版 前几天讲课还说到,EnCase的Template倒是好,但是稍微改一下Case Template自带的Bookmark结构,那么Report就看不到了, ...

  3. iOS系列 基础篇 08 文本与键盘

    iOS系列 基础篇 08 文本与键盘 目录: 1. 扯扯犊子 2. TextField 3. TextView 4. 键盘的打开和关闭 5. 打开/关闭键盘的通知 6. 键盘的种类 7. 最后再扯两句 ...

  4. javaEE基础08

    javaEE基础08 一.继承 特点:继承父类的属性和方法,单继承(多继承) 特性:方法的复写(重写) 比如:人可以养狗 人------>狗:整体和部分(拥有)关系 关键字:extends 结构 ...

  5. 【玩转单片机系列001】 08接口双色LED显示屏驱动方式探索

    前些日子,从淘宝上购得一块08接口的双色LED显示屏(打算做个音乐频谱显示器),捣鼓了好几天,终于搞清楚了其控制原理,在这里做个总结,算是备忘吧. 1.LED显示屏的扫描方式 LED显示屏的扫描方式有 ...

  6. 《HelloGitHub月刊》第08期

    <HelloGitHub>第08期 兴趣是最好的老师,<HelloGitHub>就是帮你找到兴趣! 简介 最开始我只是想把自己在浏览GitHub过程中,发现的有意思.高质量.容 ...

  7. Spring Security(08)——intercept-url配置

    http://elim.iteye.com/blog/2161056 Spring Security(08)--intercept-url配置 博客分类: spring Security Spring ...

  8. 【博客美化】08.添加"扩大/缩小浏览区域大小" 按钮

    博客园美化相关文章目录: [博客美化]01.推荐和反对炫酷样式 [博客美化]02.公告栏显示个性化时间 [博客美化]03.分享按钮 [博客美化]04.自定义地址栏logo [博客美化]05.添加Git ...

  9. JavaScript学习08 Cookie对象

    JavaScript学习08 Cookie对象 JavaScript Cookie Cookie对象: Cookie是一种以文件的形式保存在客户端硬盘的Cookies文件夹中的用户数据信息(Cooki ...

随机推荐

  1. Windows下gvim配置

    Windows下gvim配置原作地:http://hi.baidu.com/leemoncc/blog/item/a6be15cf40d7ab31b600c806.html 0.准备软件及插件. (a ...

  2. 计算机网络(6)-----运输层概述和UDP协议

    运输层(Transport Layer) 定义 运输层负责端到端的通信,既是七层模型中负责数据通信的最高层,又是面向网络通信的低三层和面向信息处理的最高三层之间的中间层.运输层位于网络层之上.会话层之 ...

  3. javascript 继承实现

    JavaScript高级程序设计读书笔记 这本书继承的实现列举了好几种,里面有两种是比较靠谱的. 1 组合继承 //父构造函数 function Super(name) { this.name = n ...

  4. 网站后台调用winform MessageLoopApartment

    using System; using System.Collections.Generic; using System.Linq; using System.Text; using System.T ...

  5. Java中的HashSet和TreeSet

    1:Set集合(理解) (1)Set集合的特点 无序,唯一 (2)HashSet集合(掌握) A:底层数据结构是哈希表(是一个元素为链表的数组) B:哈希表底层依赖两个方法:hashCode()和eq ...

  6. 关于struts2.0 中 struts.xml设置了struts.devMode 的值为TRUE后仍然不起作用的分析

    首先确认jdk 和tomcat的环境变量是否配置正确. 下面是配置方式 jdk的环境变量配置步骤: 安装j2sdk以后,需要配置一下环境变量,在我的电脑->属性->高级->环境变量- ...

  7. char*或string转换成LPCWSTR

    VS2010默认是Unicode的,在VC 6.0中编译成功的项目在VS2010中常会出现类型错误. 经常出现的错误是:不能从const char *转换为LPCWSTR 如使用CreateDC(&q ...

  8. Android应用增加计时器

    昨天写的Sudoku游戏需要增加计时器功能,使用Chronometer实现如下,由于Chronometer自己在调用stop之后后台的计时器还会继续增加,所以暂停功能需要额外实现: 在StartAct ...

  9. POJ-1182 分组并查集

    今天刚发现,之前做的并查集只是贴模板基本就能过,题意改变一点,自己还是不懂,其实我还没入门呢... 题意:食物链,A吃B,B吃C,C吃A,输入m组数据: 1 a b:a 和 b 是同一类 2 a b: ...

  10. 在windows环境下,为什么要用Notepad++编辑?

    摘自廖雪峰的git教程之创建版本库 首先这里再明确一下,所有的版本控制系统,其实只能跟踪文本文件的改动,比如TXT文件,网页,所有的程序代码等等,Git也不例外.版本控制系统可以告诉你每次的改动,比如 ...