Forensic software to make local debut
29th November 2002 (Computimes)
By SUBASHINI SELVARATNAM

HAVE you heard of computer forensics? Well, it's about a computer system investigation into what is presumed to be a cybercrime activity.

In order to facilitate to this kind of investigation, forensics software are deployed. One such software is EnCase Forensic Edition 4.0 from US-based Guidance Software.

The software will be made available to the local market in mid-January next year by local distributor Hill & Associates (M) Sdn Bhd. Its information technology (IT) security consultant Basil Paul said users who are unable to wait and want to purchase the current edition, EnCase Forensic Edition 3.0, could do so.

"They can upgrade to the new version for free when it is released," he said during the product demonstration.

Paul said EnCase Forensic could capture, preserve and archive computer evidence using non-invasive methods on computer systems powered by Windows, Linux, Unix, Apple and DOS. The software, he added, provides users with an effective means of analysing electronic data that are stored on the computer system.

This Windows-based software is capable of recovering deleted and hidden files or digital content. It also searches deleted and partially overwritten files as well as unallocated space.

The software also performs drive archiving, hash set analysis, signature analysis and keyword searching.

EnCase Forensic features a graphical user interface that enables users to view the relevant files such as the deleted files and unallocated space easily. The software supports multiple-file system such as Windows (FAT 12, 16 and 32), NTFS (with Windows NT/2000/XP), Macintosh (HFS and HFS+), Linux and Unix.

Other features of the software are PST file support for Microsoft Outlook, support for network file system, including compressed files, sector caching and advanced search algorithm for increased speed.

In addition, the software can document the findings of an examination and automatically generate customised reports for users.

The product is targeted at the government, law enforcement, security commissions and financial institutions.

EnCase Forensic Edition 4.0 currently retails at US$2,495 (RM9,481).