حصريا علي منتدى الاسكندريه واهداء الي كل اعضاء المنتدي الكرام
برنامج
EnCase Forensic v4.20
هذا البرنامج الذي تستخدمه الجهات الامنية من مخابرات وشرطة (مباحث) للبحث والتنقيب
داخل اجهزة الكمبيوتر الخاصة بالاشخاص المشتبه بهم ومن ثم توثيق اية ادلة وبراهين
وتقديمها في المحاكم ضد المتهمين .
والبرنامج هو أحد البرامج الهـامة التي تعتمـد عليها الاجهزة الامنية في الدول الغربية
والولايات المتحدة
وقد اُستخدم في العديد من القضايا ضد المشتبه بهم بقضايا الارهـاب !
والبرنامج يقوم بعمليات تدقيق وبحث مكثفة داخل الجهاز المشتبه به
في خاصية Tools في اعلى البرنامج يوجد خيار Wipe Drive وهذا الخيار سيقوم بحذف
كل المعلومات على الديسك المختار ..... فيجب الحــذر !!
ويوجد من ضمن البرنامج كتاب تعليمي للتعامل مع البرنامج وتوضيح اهم مميزاته
والكتاب بصيغة PDF
سعــر البرنامج : 3600 $ دولار امريكي
ويُباع بسعر مُخفض للجهات الامنية : 2400 $ دولار أمريكي
وسعــر النسخــة على موقع ********: $$ مجـــأني $$
EnCase Forensic has become the industry standard tool for uncovering, analyzing and presenting forensic data. Used by investigators in law enforcement, government, small businesses, consulting firms and corporations, EnCase Forensic provides a robust way to authenticate, search and recover computer evidence rapidly and thoroughly.
Computer evidence recovered with EnCase has been admitted into thousands of court proceedings in several countries and jurisdictions, and the EnCase software has been validated by the courts in several published decisions.
With the launch of Version 5, Guidance Software ensures that EnCase Forensic continues to meet the evolving needs of our customers. Using feedback from government, law enforcement and corporate investigators, we’ve enhanced nearly every component of EnCase Forensic. The result is an even more powerful tool that speeds up data acquisition and analysis to better support the rigors of criminal investigations and prosecutions.
Enhanced Analytical Features
A critical component of any investigation involves the analysis of e-mail communications, whether
personal, corporate or Internet based. V5 offers enhanced e-mail support for:
- Outlook (PST) and Outlook Express (DBX)
- AOL 6.0, 7.0, 8.0, and 9.0 Personal File Cabinets (PFCs)
- Web-based e-mail formats including Yahoo, Hotmail, and Netscape Mail
- MBOX archives (the de-facto standard used by almost every popular mail reader, on UNIX, Windows and Mac)
- Outlook Newsgroups in DBX
In addition, V5 features Web browsing display support for cached HTML pages from the Internet, as well as detailed access to browsing history.
V5 also offers expanded support for the most popular Web browsers, including Mozilla Firefox, Opera and Apple Safari (Mac OS X default).
And there is expanded file system support for:
- IBM’s Journaling File System (jfs and JFS) and AIX LVM8
- TiVo support, including TiVo Series One (Big Endian) and TiVo Series Two (Little Endian)
Acquisition Enhancements
The first and most important step in the computer forensic process is the acquisition of the digital media and preserving its evidentiary value. The following improvements are new acquisition options for speed and error handling.
New “Linen” (Linux for EnCase) for bootable forensic CDs:
- Uses a familiar EnCase DOS GUI for drive-to-drive acquisitions, network crossover cable acquisitions and searches across seized media
- Offers the ability to run on a Linux workstation
An enhanced acquisition engine, which now offers:
- A user-designated granularity setting for acquiring hard drives with bad sector(s). Users can adjust variable block sizes up to 16MB in Windows, and set the level to one sector which forces slower acquisitions, but allows for a sector-by-sector read of hard drives with errors
- Ability to record granularity and compression settings in the evidence file
- Ability to change evidence file segment size with a quick reacquisition
Enhanced Digital Evidence Administration
Managing the vast amount of digital evidence in any investigation or inquiry can be cumbersome. The following features go a long way toward making the administrative tasks easier.
V5 can create “logical evidence files” to let examiners:
- Add or extract selected files from across seized media while maintaining the metadata/integrity of the original file, creating a new type of evidence fi le that contains only those selected files
- Automatically generates MD5 hash values to authenticate the files of interest added to the logical evidence file
- Create a logical evidence file container that lets you include multiple logical evidence file acquisitions
In addition, users can make logical volume notations and edit the names of logical volumes, for easier recognition and improved clarification in the Case view.
Interface Changes and Enhancements
The Encase V5 interface has been enhanced to enable better management and analysis of data. These enhancements give examiners and security practitioners quick and easy access to the powerful EnCase toolset. The Enhanced V5 interface, which is based on the V4 GUI, will allow users to:
- Undock selective windows within the interface and view them on separate computer monitors
- View new display tabs for e-mail *******s, Web cache *******s and Internet history
- Save keywords locally by case file or globally in the keywords.ini file as sources for searching
Finally, V5 offers online access to HTML help pages on Guidance Software’s Web site, and offline access to local HTML help files via EnCase’s Help menu.
These are just a few of the significant additions and enhancements for the initial release of EnCase Forensic V5.
EnCase: Forensically Sound Acquisitions
The first step of any computer forensic investigation is to acquire the media in a manner that preserves the original electronic evidence. EnCase supports the acquisition of virtually all media that can be attached to a system; hard drives, Zip disks, USB devices, flash cards, Palm Pilots, etc. EnCase performs media acquisitions by producing an exact binary duplicate of data on the original media. EnCase verifies this by generating MD5 hash values of both the original media and all data contained within the resulting evidence file. In addition, each 64K block of the evidence file is assigned a CRC value. These hash and CRC values are checked each time the evidence file is accessed. With matching hash and CRC values, the investigator easily confirms the authenticity of the evidence.
Optimized Search Engine
With years of product development and market feedback, Guidance Software has achieved tremendous throughput in EnCase by continually optimizing the search engine. The latest algorithm gives multiple-term keyword searches near-identical throughput to single-term keyword searches. This performance allows investigators to keep pace with ever-growing caseloads and the tremendous storage capacity of new workstations and servers.
PST Email Support
Outlook is one of the most popular e-mail programs today. The file format associated with Outlook is the PST file. EnCase can read PST files and extract e-mail for plain-text analysis. EnCase supports PST files that have both compressible encryption and full encryption. EnCase also bypasses PST file passwords.
Multiple Case Management
No longer will investigators need to investigate cases in a serial fashion. EnCase features multiple case management, allowing investigators to simultaneously run multiple cases on multiple media targets. While acquiring media, an investigator can now search, preview or acquire other media. In addition, with EnCase's advanced search engine, investigators can share search criteria across multiple cases
طريقة تنصيب البرنامج + الكراك :
- نصب البرنامج كاملا ولالالالالا تُعيد تشغيل الجهاز عندما يطلب منك ذلك
- إنسخ الكراك ( بصيغة Enhkey.dll ) والصقه في مجلد البرنامج
- أعــد تشغيل الجهــاز وإفتح البرنامج وسيكون كاملا !
رابط التحميل:
اضغط هنــــا