Really, EnCase Enterprise and ProDiscover are two completely different things that accomplish the same primary goal. First of all, Enterprise (EE) works on a p2p system, which requires a small Java servlet to be installed on each acquirable system, which is basically a backdoor for the EE application. This process is generally performed by the sysadmin team, generally pushed out in a logon script etc. Once the backdoor is installed, it has the ability to send the content of a system (including deleted files) to the EE server, which is usually on site, or in some cases abroad. The EE administrator then does either a live content search, or searches for filenames on remote systems, and decides what to acquire and what to leave alone. The EE system can deduplicate on acquire, comparing hashes of acquired files from one machine to another, and deliver detailed logs of what was acquired, what was skipped, and why, on what workstations. This is why Enterprise is so expensive: you can complete in hours what would take weeks with a physical system-by-system acquisition.
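An added illustration of the deduplicate-on-acquire behaviour and the acquired/skipped log described above, written in Python. It is not EnCase code: the function name, log fields and sample workstation data are constructed for the example, and SHA-256 is an assumed hash choice.

```python
import hashlib
from dataclasses import dataclass
from typing import Callable, Optional

@dataclass
class LogEntry:
    workstation: str
    path: str
    sha256: Optional[str]  # None when the file was never read
    action: str            # "acquired" or "skipped"
    reason: str

def acquire_deduplicated(sources: dict, name_filter: Optional[Callable] = None):
    """sources maps workstation -> {path: file bytes}.
    Returns (store, log); store is keyed by content hash, so identical
    files found on several machines are kept only once."""
    store, log = {}, []
    for ws in sorted(sources):
        for path in sorted(sources[ws]):
            # Filename search step: skip anything the examiner did not ask for.
            if name_filter and not name_filter(path):
                log.append(LogEntry(ws, path, None, "skipped",
                                    "filename did not match search"))
                continue
            data = sources[ws][path]
            digest = hashlib.sha256(data).hexdigest()
            if digest in store:
                first_ws, first_path, _ = store[digest]
                log.append(LogEntry(ws, path, digest, "skipped",
                                    f"duplicate of {first_ws}:{first_path}"))
                continue
            store[digest] = (ws, path, data)
            log.append(LogEntry(ws, path, digest, "acquired", "first copy seen"))
    return store, log

# Constructed sample data standing in for two remote workstations.
SAMPLE = {
    "WS-01": {"C:/Users/a/report.docx": b"quarterly numbers",
              "C:/Windows/notepad.exe": b"MZ-notepad"},
    "WS-02": {"C:/Users/b/report-copy.docx": b"quarterly numbers",
              "C:/Users/b/notes.txt": b"meeting notes"},
}

def documents_only(path: str) -> bool:
    return path.lower().endswith((".docx", ".txt"))

if __name__ == "__main__":
    _, entries = acquire_deduplicated(SAMPLE, documents_only)
    for e in entries:
        print(f"{e.workstation:6} {e.action:8} {e.path}  ({e.reason})")
```

The log records the originating workstation and the reason for every skip, which is what lets an examiner later show why a given file is absent from the evidence set.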