Showing posts with label Mac OS X. Show all posts

EnCase 7.09.04: Extracting Passwords from OS X Keychains

Ken Mizota

EnCase 7.09.04 is now available and contains several enhancements to make your investigations more efficient and comprehensive. Today’s digital investigators face a constant struggle to maintain comprehensive investigative skill sets, while continuously improving efficiency in the face of overwhelming growth of evidence and diversity of malfeasance. EnCase 7.09.04 makes reporting more efficient with the Flexible Reporting Template and reduces investigator effort by enabling decryption of McAfee Endpoint Encryption devices with the 64-bit EnCase Examiner. EnCase 7.09.04 expands on the strongest Windows-based investigation capabilities of OS X machines, adding the ability to decrypt and extract passwords from OS X keychains.

To gain access to this release, register your dongle and you’ll receive a MyAccount email with download links.

In this article, I'll walk through the information that can be extracted from keychains and also provide sample EnScript-based techniques to expose this data in EnCase.

So much evidence, so many artifacts, so little time…

Ken Mizota

In my last post, I summarized a handful of apps that are useful to search and explore your case, and apps that help with malware investigations. For the latest updates on apps, go to EnCase App Central directly, or follow us on Twitter @EnCase.

Without further ado, here are some more apps that we hope can help you make your case: