Does anyone have any experience with using Encase's Forensics suite with McAfee EEPC? A client's forensics department would like the ability to deal with encrypted drives.
We're running EEPC v6 patch 2, Encase is version 6.18 I believe. The client also has the Encase EDS license, which I believe should allow investigation of encrypted drives. At present the Encase user gets an error to the effect that the Safeboot DLL isn't available.
A quick overview of the Encase website reveals very little information, other than that Safeboot is supported (no mention of McAfee EEPC).
Although I found a KB for EEPC 5.x in our McAfee Knowledgebase, I did not find one for EEPC 6.0.
To create an accurate KB for EEPC 6, it would be helpful to know the full error the ENCASE software generated.
Just for reference, the EEPC 5.x article is KB52103.
All the best. Hope you can help me document this to help others in the future.
Knowledge Analyst (Global Online Services)
It's not so much that there's an error Kevin, it's that you can't use Encase to do a forensic analysis on an EEPC 6 encrypted hard disk - there's just no "button" in Encase to do that, unlike v5 where there is one.
Message was edited by: SafeBoot on 3/17/11 8:52:19 AM EDT
I did appreciate that, but it is always good to mention errors that people might search on. The KB will be updated to state exactly what you have provided.
I am just a stickler for including any errors people see when using our McAfee software.
As always Simon, thanks for keeping me busy with new content.
Endpoint Encryption for PC 6.x has now been added to KB52103 to cover which versions are supported and which are not.
Thanks for your postings.
Kev
Message was edited by: kthomas on 18/03/11 06:35:55 CDT
Are there any plans to add EnCase support for EEPC 6.x? We were planning to roll out MEE 6.x to all of our laptops, but can't if EnCase is not supported.
Thanks.
Message was edited by: tex on 4/4/11 8:34:10 AM CDT
gifkoek, did you find out anything from EnCase? We also use EnCase and in many situations we will use the EEPC 5.x module to get back data or do a forensic investigation on an encrypted machine. Was hoping they had something by now for the newer version.