EnCase® Endpoint Investigator

ENCASE TECHNOLOGY IS TRUSTED BY CORPORATIONS AND GOVERNMENT AGENCIES WORLDWIDE

You are tasked with more types of investigations than ever before; HR issues, compliance violations, regulatory inquiries, IP theft, and more. To meet the needs of your internal stakeholders you need visibility across your endpoints, no matter where they are, and that is what we provide.

• Perform any type of internal or regulatory investigation
• Work discreetly without interrupting the business
• Collect data from off-the-network endpoints to keep your investigations moving
• Work discreetly without interrupting the business or alerting employees

Be confident in your investigation findings using EnCase technology that is trusted by corporations and governments with a proven record of court acceptance. No other solution offers the same level of forensic capabilities and flexibility.

TRIAGE

Simplify Triage Across Your Network

Identifying the relevance of potential evidence, prioritizing it, and determining whether further processing is needed are key aspects of the triage phase of an investigation. With EnCase Endpoint Investigator can quickly review information stored on computers across your network in real-time – without altering or damaging information.

COLLECT

More Data, More Devices – Faster

EnCase Endpoint Investigator helps you acquire more evidence, faster than any product on the market. From every endpoint on your network, and even off-the-network endpoints – no matter where it’s located. This is the flexibility needed to ensure you can complete your cases no matter where the potential evidence resides.

PROCESS

Automate the Routine, Focus on the Investigation

The EnCase Endpoint Investigator evidence processor provides industry-leading processing capabilities that can automate the preparation of evidence, making it easier to complete the investigation. Powered by an indexing engine built for scale and performance, you can automate complex queries across your varied evidence sources in one step saving time and increasing your efficiency.

INVESTIGATE

Bring Your Expertise to the Forefront

The most important part of any investigation is your ability to analyze your evidence. EnCase Endpoint Investigator is built with the investigator in mind, providing a wide range of capabilities that enables you to perform deep forensic analysis as well as fast triage across your network from the same solution. Built to help you do what you do best: find evidence and close cases.

ANALYZE

Analyze Evidence Faster

Built-in Case Analyzer gives you deeper insight into computer systems through higher-level reports on metadata and the ability to compare potentially related artifacts side-by-side. This helps you provide a new level of analysis before sharing critical information with your extended investigation team in order to further your investigation. The Snapshot feature in EnCase Endpoint Investigator gives you the ability to readily capture and analyze RAM from target machines—even from numerous target computers concurrently. This simplifies the process of determining commonalities or exposing anomalies, which can be critical when investigating computer security incidents.

REPORT

Powerful, Flexible Reporting

Already the most powerful, flexible reporting tool among digital-investigations platforms, EnCase Endpoint Investigator also gives you important capabilities that ensure you’ll never miss an important comment, bookmark, or other piece of important information when producing and sharing a report. It can:

• Show in detail which information is presented and how
• Export information into various file formats as needed
• Export relevant evidence, investigator comments, bookmarks, search results, search criteria, pictures, date and time artifacts

• Information
• Security Digital
• Investigation