The industry standard for scanning, collecting, and securing forensic data for law enforcement, government agency and corporate investigations.

For digital investigations, examiners need to be able to prioritize, collect and decrypt evidence from a wide variety of devices while maintaining its integrity. The process needs to be quick, efficient, repeatable and defensible, with the ability to create intuitive reports.

OpenText™ EnCase™ Forensic is recognized globally as the standard for digital forensics and is a court-proven solution built for deep-level digital forensic investigation, powerful processing and integrated investigation workflows with flexible reporting options. It is built with a deep understanding of the digital investigation lifecycle and the importance of maintaining evidence integrity. EnCase Forensic empowers any examiner to seamlessly complete any investigation, including investigations of mobile devices.

Reliable acquisition of evidence

With EnCase Forensic, examiners can be confident the integrity of the evidence will not be compromised. All evidence captured with EnCase Forensic is stored in the court-accepted EnCase evidence file formats.

Deep forensic analysis

EnCase Forensic has been used in thousands of court cases and is known for its ability to uncover evidence that may go unnoticed if analyzed with other solutions.

Mobile collection for 35,000+ profiles

EnCase Forensic supports the latest smartphones and tablets, including more than 35,000+ mobile device profiles, all while empowering the examiner to conduct logical and physical acquisitions. From the new investigator to the seasoned examiner, each level of user can find the evidence they need with mobile acquisitions in EnCase Forensic.

Image analysis

Media Analyzer processes images into 12 categories using AI powered visual threat intelligence technology. Examiners can quickly filter by confidence level and identify previously unidentified contraband with near-zero false positives.

Broad OS/decryption support

Offering the broadest support of operating and file systems, artifacts and encryption types, EnCase Forensic enables the investigator to provide conclusive results with a detailed analysis of findings.

Connect to the cloud

With EnCase Forensic, examiners can leverage credentials to collect from data repositories in the cloud, such as Microsoft O365 and SharePoint. Data is stored in logical containers to preserve chain of custody at the point of acquisition.

OpenText EnCase Forensic features:

• Enhanced indexing engine: Empowers investigators to conduct investigations with powerful processing speeds, advanced index searching, comprehensive language support and optimized performance.
• Easy reporting: Provides customizable templates to help examiners create compelling, easy to read, professional reports that can be shared for every case.
• Extensibility: Offers extensibility through EnScripts, which are automated code commands that streamline and automate tasks and extend the capabilities of EnCase Forensic to help the examiners complete investigations more efficiently.
• Workflow automation: Delivers automated investigation workflows so examiners can easily navigate through EnCase Forensic to enhance how they uncover evidence.
• Updated encryption support: Provides encryption support for Microsoft® Windows® 10 Bitlocker XTS-AES, Dell® Data Protection 8.17 and Symantec™ PGP v10.3; investigators can acquire encrypted evidence without worry about data corruption, damage or unnecessary delays.
• Apple File System (APFS) support: Supports APFS, the file system used in helping investigators conduct targeted data collections from APFS and send the output as an EnCase logical evidence file.
• Volume shadow copy capabilities: Examines Volume Shadow Snapshot (VSS) backups, also known as volume shadow copies, generated by Microsoft Windows, allowing investigators to recover deleted or modified files, as well as full volumes and learn what may have taken place on a system before the investigation.
• Apple T2 Security Bypass: Acquires machines equipped with Apple T2 Security chips without additional hardware, drive partitions, or hassle. And if the user is logged in, no credentials are required.