Beruflich Dokumente
Kultur Dokumente
09
Release Notes
November 21, 2013
2013 Guidance Software, Inc. All rights reserved. Information in these release notes is subject to change without notice
and is provided for informational purposes only.
SAFE Version
The SAFE version for this release is 7j.
This version includes the ability for a keymaster to grant permission to non-keymaster SAFE users
for them to administer user accounts. This is useful in sizable organizations where it can be
burdensome for only one keymaster to administer large numbers of accounts.
New Features
Result Set Processing
Previously, it was necessary to run Evidence Processor for an entire device, even if you wanted to
review only a specific type of file, a specific location, or a subset within the device. Now you can
process a result set from the case for the specific information you want to review.
2013 Guidance Software, Inc. All rights reserved. Information in these release notes is subject to change without notice
and is provided for informational purposes only.
Open the Processor Options dialog. Depending on the context, there are several ways to
do this. For example, in the Evidence tab, click Process Evidence > Process.
2013 Guidance Software, Inc. All rights reserved. Information in these release notes is subject to change without notice
and is provided for informational purposes only.
2.
3.
Select the result set you want to process, then click OK. The EnCase Processor Options
dialog displays a table with information about the result set to be queued:
Name
Evidence Size
Item Count
2013 Guidance Software, Inc. All rights reserved. Information in these release notes is subject to change without notice
and is provided for informational purposes only.
This information helps you identify the size and scale of the evidence to be processed. A
result set may contain items from multiple evidence files, all of which will be processed.
4.
Note: Processing modules (System Info Parser, File Carver, Windows Artifact Parser, etc.), along with Recover
Folders, do not respect result sets and therefore run against the entire device as they normally do.
Note: Because result sets can include items from multiple devices in various processing states, locks do not display in
processing options when selecting result set processing. However, items that would normally be locked because they
were previously run on a device will still run, even if they do not have the lock item present. In other words, once a
lockable Evidence Processor option is run on a device, all processing jobs that follow on that device will run the
option, even if it is not selected. The screenshot in Step 3 above explains that these previously processed items are
marked with asterisks, and those items will be reprocessed.
2013 Guidance Software, Inc. All rights reserved. Information in these release notes is subject to change without notice
and is provided for informational purposes only.
Also, since locks do not display, some modules that are not supported in certain instances will not run, even if they are
selected. For example, indexing will not run on items that come from a remote node, and Snapshot will not run on an
evidence file or a local drive.
In the Results tab, select the result set you want to process.
2.
3.
2013 Guidance Software, Inc. All rights reserved. Information in these release notes is subject to change without notice
and is provided for informational purposes only.
In the Tree and/or Table pane, blue check the items you want to include in the result set.
2.
Right click, and in the dropdown menu click Entries > Create Results.
3.
The Create Results dialog displays, showing the number of items selected that are under
the highlighted folder.
In the example above, note that in Step 2, 11 entries were blue checked, but the Create
Results dialog shows that only 7 entries are being included in the result set in Step 3. This
is because a folder was highlighted in the entry tree in Step 2 when Create Results was
selected. Only blue checked items below the folder that is currently highlighted are
included in the result set. Blue checked items in adjacent or higher branches in the folder
tree are excluded. This behavior is similar to the way EnCase includes selected items
when creating a LEF.
2013 Guidance Software, Inc. All rights reserved. Information in these release notes is subject to change without notice
and is provided for informational purposes only.
To include all blue checked items in a device, highlight the device root first before
selecting the Create Results option.
4.
5.
EnCase creates the result set, and it displays in the Results tab.
Email archives
Internet artifacts
2013 Guidance Software, Inc. All rights reserved. Information in these release notes is subject to change without notice
and is provided for informational purposes only.
Examples of data types that do not allow creation of results (because they are metadata only)
include:
Snapshot data
1.
In the Tree and/or Table pane, blue check the items you want to include in the result set.
2.
Right click, and in the dropdown menu click Records (or Entries, depending on the
context) > Create Results.
3.
The Create Results dialog displays, showing the number of items selected.
4.
2013 Guidance Software, Inc. All rights reserved. Information in these release notes is subject to change without notice
and is provided for informational purposes only.
5.
EnCase creates the result set, which displays in the Results tab.
2013 Guidance Software, Inc. All rights reserved. Information in these release notes is subject to change without notice
and is provided for informational purposes only.
10
1.
Click the Overwrite Evidence Cache checkbox. An information message displays in the
right pane.
Note: This option is enabled only when you select Current Item and the evidence is already
processed.
2.
Click OK. A warning message displays, asking if you want to continue and delete
previously processed output.
2013 Guidance Software, Inc. All rights reserved. Information in these release notes is subject to change without notice
and is provided for informational purposes only.
11
3.
To continue, click Yes. EnCase will delete all caches related to the specified evidence file.
Note: When you use the Overwrite Evidence Cache option, items in the result sets and bookmarks belonging to
the device will no longer resolve to the original item GUIDs and will become invalid. You can delete the existing result
sets and bookmarks or maintain them as a reference for manual recreation.
Sweep Enterprise
Create Scan
Status
Analysis Browser
In the new scan area, click Create Scan to create a new scan.
2013 Guidance Software, Inc. All rights reserved. Information in these release notes is subject to change without notice
and is provided for informational purposes only.
12
The Previous Scans area displays most recent scans (up to five), as well as an All Scans report
link. Clicking one of the previous scans takes you to the Analysis Browser tab with the results of
that scan.
To select targets for the sweep, click Create Scan on the Sweep Enterprise main tab.
2013 Guidance Software, Inc. All rights reserved. Information in these release notes is subject to change without notice
and is provided for informational purposes only.
13
2.
3.
In the target list, select the nodes you want to sweep. To select or clear all nodes in the
list, click Selected.
4.
Click Run Scan. The Module Settings dialog opens, displaying available modules in the
left pane and information about the currently selected module in the right pane.
The System Info Parser and Snapshot modules are selected by default.
A snapshot of each target is generated for all collection jobs; therefore, you cannot
clear the checkbox for the Snapshot module.
The File Processor module is not selected by default because it has a significantly
higher run time than the other modules.
The System Info Parser module is not enabled for Linux systems.
The System Info Parser module Advanced tab options for collecting custom registry
keys are not available.
Selecting Check In directs Sweep to wait infinitely for all the targets to check in before
it runs the selected modules on the target. If you leave this checkbox blank, the SAFE
initiates communication. If a servlet does not respond after a certain amount of time,
the SAFE ends the communication and EnCase informs you that the servlet cannot be
reached.
2013 Guidance Software, Inc. All rights reserved. Information in these release notes is subject to change without notice
and is provided for informational purposes only.
14
Selecting Deploy Servlet causes the SAFE to initiate communication with the target
and automatically install a servlet if one is not already installed. This option is only
available if the user's role is configured with the Deploy Servlet permission. The
Deploy Servlet and the Check In options cannot be used simultaneously. See
Automatically Deploying Servlets.
2013 Guidance Software, Inc. All rights reserved. Information in these release notes is subject to change without notice
and is provided for informational purposes only.
15
5.
When you finish selecting modules and their associated options, click Next. A
Confirmation Page displays, showing the target node list and module selections.
6.
Click Finish.
Importing Targets
You can add a list of targets to the Create Scan tab.
1.
2013 Guidance Software, Inc. All rights reserved. Information in these release notes is subject to change without notice
and is provided for informational purposes only.
16
2.
3.
Enter, or copy and paste, a list of machine names, IP addresses, or IP ranges, then click
OK.
4.
A Temporary Targets folder containing the imported items is added to the Create Scan
tab. You can select them like any other target.
Note: Temporary targets are only available for the current sweep.
2013 Guidance Software, Inc. All rights reserved. Information in these release notes is subject to change without notice
and is provided for informational purposes only.
17
Status Tab
When you click Finish on the confirmation page, the Status tab displays.
A green bar indicates the progress of the scan for a given node and module (for example,
Mounting Drives, Waiting, Scanning, Snapshot Taken).
The Collection Status column also indicates if connection to a specific node failed.
2013 Guidance Software, Inc. All rights reserved. Information in these release notes is subject to change without notice
and is provided for informational purposes only.
18
2013 Guidance Software, Inc. All rights reserved. Information in these release notes is subject to change without notice
and is provided for informational purposes only.
19
20
Snapshot
Software folder:
o Installed Apps
o Installed MS Apps
o Uninstalled Apps
Target Info folder:
o Job Target Files Collected
o Target Volumes
o Targets Collected
o Targets Failed
User Activity folder:
o Open Files
o Processes Launched by User
2013 Guidance Software, Inc. All rights reserved. Information in these release notes is subject to change without notice
and is provided for informational purposes only.
21
2.
The Scans/Targets dialog displays. It contains a list of scans and targets from which you
can choose to limit the displayed results in the Analysis Browser tab.
3.
Select one scan and one or more targets to limit the displayed results. Alternately, you can
enter targets manually in the Manual Entry area.
Note: No selection means there is no limitation.
2013 Guidance Software, Inc. All rights reserved. Information in these release notes is subject to change without notice
and is provided for informational purposes only.
22
4.
Click OK. The displayed results in the Analysis Browser tab change to reflect your
constraint. In this example, the results were narrowed down from 66 items to 18.
2013 Guidance Software, Inc. All rights reserved. Information in these release notes is subject to change without notice
and is provided for informational purposes only.
23
Buttons for going to the first and last page of the report.
Forward and back buttons for going to the next page or previous page of the report.
Checkboxes for each individual page of the report. The number of checkboxes varies,
depending on the report's size.
A Go to Page button.
24
Go to Page
1.
Click Go to Page. The Pages from 1 to XX (the last page of the report) dialog displays.
2.
Use the up or down buttons to specify a page number or enter a page number manually,
then click OK.
3.
The report displays the page number you specified, and that page number's checkbox is
checked.
2.
Use the up or down buttons to specify the number of items that display on one page or
enter a number manually (the default is 200), then click OK.
3.
The report displays the number of items you specified for each page.
2013 Guidance Software, Inc. All rights reserved. Information in these release notes is subject to change without notice
and is provided for informational purposes only.
25
Show All
1.
2.
All items in the report (in this example, 4541) display on one page which you can scroll
through, and a checkbox displays for one page.
Clear the Show All checkbox to revert to the previous page size.
2013 Guidance Software, Inc. All rights reserved. Information in these release notes is subject to change without notice
and is provided for informational purposes only.
26
To initiate a subsort, hold down the Shift key and double click the column heading. You can sort
columns up to six layers deep.
2013 Guidance Software, Inc. All rights reserved. Information in these release notes is subject to change without notice
and is provided for informational purposes only.
27
This option enables you to perform a quick sweep against registry entries only resident in memory
(versus disk), reducing time taken to analyze live machines.
Note: In the Sweep Enterprise System Info Parser dialog, the Live Registry Only checkbox is checked by default. In
the Evidence Processor System Info Parser dialog, the Live Registry Only checkbox is cleared by default.
2013 Guidance Software, Inc. All rights reserved. Information in these release notes is subject to change without notice
and is provided for informational purposes only.
28
2013 Guidance Software, Inc. All rights reserved. Information in these release notes is subject to change without notice
and is provided for informational purposes only.
29
In the EnCase Processor Options dialog, expand Index text and metadata, then click
Personal Information.
2013 Guidance Software, Inc. All rights reserved. Information in these release notes is subject to change without notice
and is provided for informational purposes only.
30
2.
3.
Social Security Number displays as the default. To add another type of ID, click New. The
Government ID dialog displays.
Note: you cannot view or edit the default Social Security Number.
4.
Enter a name in the Government ID box and a GREP expression in the Search
Expression (GREP) box.
2013 Guidance Software, Inc. All rights reserved. Information in these release notes is subject to change without notice
and is provided for informational purposes only.
31
This example shows the GREP expression for a Colombian Cedula Number:
5.
Click OK. The ID type just created displays in the Government ID tab.
2013 Guidance Software, Inc. All rights reserved. Information in these release notes is subject to change without notice
and is provided for informational purposes only.
32
In the Government ID tab, select the Search Name you want, then click Edit.
2.
The Government ID dialog displays. Enter your changes, then click OK.
2013 Guidance Software, Inc. All rights reserved. Information in these release notes is subject to change without notice
and is provided for informational purposes only.
33
2.
2013 Guidance Software, Inc. All rights reserved. Information in these release notes is subject to change without notice
and is provided for informational purposes only.
34
3.
4.
2013 Guidance Software, Inc. All rights reserved. Information in these release notes is subject to change without notice
and is provided for informational purposes only.
35
5.
6.
Right click in the tab, then click New in the dropdown menu. The New Permission/Role
dialog displays.
7.
In the Permission Type tab, click the checkbox for Administer Users.
2013 Guidance Software, Inc. All rights reserved. Information in these release notes is subject to change without notice
and is provided for informational purposes only.
36
8.
Click OK. Administer Users is added to the list of permissions for the designated user.
9.
2013 Guidance Software, Inc. All rights reserved. Information in these release notes is subject to change without notice
and is provided for informational purposes only.
37
2013 Guidance Software, Inc. All rights reserved. Information in these release notes is subject to change without notice
and is provided for informational purposes only.
38
2.
The Acquire Smartphone dialog displays. Under Backup Files, click Apple iTunes.
2013 Guidance Software, Inc. All rights reserved. Information in these release notes is subject to change without notice
and is provided for informational purposes only.
39
3.
2013 Guidance Software, Inc. All rights reserved. Information in these release notes is subject to change without notice
and is provided for informational purposes only.
40
4.
5.
6.
EnCase parses the data, and you can view the records in the Evidence tab or
Smartphone report.
2013 Guidance Software, Inc. All rights reserved. Information in these release notes is subject to change without notice
and is provided for informational purposes only.
41
// EnScript
LocalFileClass file();
file.Open("myfile.txt");
DotNetStreamClass dnStream(file);
MyAssembly::MyClass dnObj();
dnObj.DoSomething(dnStream);
// .NET C#
namespace MyAssembly {
public class MyClass {
public void DoSomething(System.IO.Stream stream) {
using (StreamReader reader = new StreamReader(stream)) {
while (!reader.EndOfFile) {
Debugger.WriteLine(reader.ReadLine());
}
}
}
}
}
EnScript FileClass objects are not thread safe. Therefore, .NET code must take care when using
wrapped objects. If the object is only used by .NET, access should be synchronized using .NET
serialization constructs. If the object is shared between EnScript and .NET, it should only be
accessed on the calling thread (EnScript thread), or an appropriate synchronization object should
be used that can then synchronize access between EnScript and .NET. Even then, it is possible
internal EnCase code could conflict with .NET code accessing the same FileClass object.
.NET treats all streams as binary (not text), then adds text interpretation with Reader and Writer
objects. EnScript authors must use care to open FileClass objects with appropriate options.
2013 Guidance Software, Inc. All rights reserved. Information in these release notes is subject to change without notice
and is provided for informational purposes only.
42
// .NET C#
namespace MyAssembly {
public class MyClass {
private System.IO.Stream _MyStream = File.OpenRead("myfile.txt");
public System.IO.Stream MyStream {
get { return _MyStream; }
}
}
}
// EnScript
MyAssembly::MyClass dnObj();
FileClass file = new DotNetFileClass(dnObj.MyStream());
while (file.More()) {
Console.WriteLine(file.ReadChar());
}
Items Fixed
Acquisition/Add Device/Preview/File System
68163: Version 7h of the servlet now lists devices available for acquisition at /dev/cciss.
67770: When acquiring devices as .E01 in LinEn, segmentation faults no longer occur.
67609: EnCase crashed when adding an ext3 formatted USB device. This is fixed.
67422: When acquiring images of GPT disks, EnCase now includes the last sector of every
partition.
67258: The Acquisition Info tab now correctly displays the date and start/stop sector count for
manually interrupted acquisitions for both legacy .E01 and for .Ex01 files.
65159: After using and formatting an exFAT device, with the WinAcq command line acquisition
tool, with verbose logging, to acquire a logical volume on a flash drive, EnCase now reports a
matching sector count and logical size.
2013 Guidance Software, Inc. All rights reserved. Information in these release notes is subject to change without notice
and is provided for informational purposes only.
43
Bookmarks
68186: In the Bookmarks tab's table pane, when No Report is checked, selected files are not
displayed in the Report view, as expected.
67667: If the View pane was undocked, the Bookmark > Raw Text option was disabled in the
Text and Hex tabs. The Raw Text option is now available in those tabs when the View pane is
undocked.
67559: Logical Size was showing as zero for email bookmarked via Show Conversation. EnCase
now displays the correct logical size.
Case Analyzer
66255: Case Analyzer reports allowed specifying constraints using only 19 characters. This is now
expanded to 1024 characters.
63867: In Case Analyzer, OS X dates are now displayed consistently across devices and logs.
50883: Data in the Event Type column displayed as numbers instead of actual event type values
(for example, Unknown, Error, etc.). The correct values display now.
50710: Case Analyzer displayed EnCase Portable as a device after the Portable dongle was
removed. This is fixed.
Email
68438: Evidence Processor no longer sticks during Mount Task of a Folders.dbx file.
65043: Show Conversation and Show Related Messages options are now available, as expected,
when multiple .pst files are opened. These options remain unavailable when you mix email with
other types of records (internet data, etc.).
Encrypted Devices
66624: A problem with ReFS volumes encrypted by BitLocker on Server 2012 caused the volumes
to fail and not properly decrypt. After providing correct BitLocker credentials, the file system was
not parsed. This is fixed.
2013 Guidance Software, Inc. All rights reserved. Information in these release notes is subject to change without notice
and is provided for informational purposes only.
44
EnScript
67539: The System Info Parser displayed the OS last shutdown time in the Records tab as
Wednesday, 22nd April, 2009 19:24:48 GMT, regardless of the current evidence. This is fixed.
67113: EntryClass methods and properties of the EnScript API now have the necessary
permissions to run on mounted devices in direct nodes.
66556: EnCase now provides a complete path for entries retrieved from ItemCacheClass using the
stored monikers.
Entry Metadata
68019: In Evidence view, the name of a deleted folder in the Recycle Bin displayed twice in the
Original Path column. The deleted folder name now displays only once.
67555: After mounting a network share, you were required to view the files on the host system to
see the VFS Name column populated in EnCase. This is fixed.
EnView
67668: You can now view document files in the Recycle Bin in the Doc tab.
Evidence Processor
68496: The Evidence Processor no longer terminates unexpectedly.
65068: When running Evidence Processor multiple times, processing did not complete and an
"Error Prepping LEF" message displayed. This is fixed.
Gallery View/Pictures
67438: In Gallery view, EnCase allowed you to select only the first image in the last row. Now you
can select all images in the last row.
2013 Guidance Software, Inc. All rights reserved. Information in these release notes is subject to change without notice
and is provided for informational purposes only.
45
General
68374: When using the Copy Folders command, EnCase copies the folders, as expected, without
a system failure.
68103: When you run Keyword Searching before you run Recover Folders, the keyword search no
longer becomes unusable when you later run Recover Folders.
68075: When applying a filter, EnCase now stores and retrieves the preference for Table or TreeTable.
67564: When your case automatically updates a node's servlet to Version 7g, it no longer adds the
description "EnCase Enterprise Agent" to the node's Processes tab in Task Manager.
66607: EnCase became unstable when scrolling in Table Evidence view. This is fixed.
63944: Line wrap settings are now applied by EnCase as set by the user.
Hashing/Hash Sets
67902: Sorting on the Hash Sets column was slow due to EnCase data processing of this data
whenever an entry was redisplayed. This is fixed.
67633: EnCase no longer crashes when importing Hashkeeper from the NSRL hash set.
Index/Query Index
67611: When a wild card was used with an index search, the Next Hit button was disabled. This is
fixed.
Internet
67665: Opera Internet history was parsed using the Western European Windows codepage only,
and text did not display correctly. EnCase now uses the UTF-8 codepage and this is fixed.
Reporting
67990: When you export a Review Package in the Evidence view, EnCase no longer generates a
JavaScript error.
67243: Now no error message displays with reports containing files or strings greater than 64k.
2013 Guidance Software, Inc. All rights reserved. Information in these release notes is subject to change without notice
and is provided for informational purposes only.
46
Smartphone
66807: SGH-1337 Samsung Galaxy S4 with Android v4.2 is now detected.
Sweep Enterprise
68080: In previous versions of EnCase, Sweep Enterprise's System Info Parser options incorrectly
displayed Auto Runs. Auto Runs is no longer displayed in the System Info Parser options.
68015: When Sweep Enterprise reports are imported into a separate instance of EnCase and
analyzed with Case Analyzer, Case Analyzer now displays the reports as expected. They match
the reports from the Sweep Enterprise instance.
67345: The Sweep Enterprise Status page and the Analysis Browser page now appear as tabs in
EnCase and, as expected, contain data.
61704: When a SAFE has no available connections, it now displays an error pertaining to
connection unavailability rather than an error pertaining to unsuccessful SAFE validation.
53025: Non-deleted files no longer appear in the Deleted Files view of the Analysis Browser.
52864: In the Analysis Browser, highlighting blue checked views no longer removes the blue
check.
47766: In previous versions of EnCase, the Sweep Enterprise window became stuck open when
canceled. In Version 7.09, the Sweep Enterprise window is embedded in EnCase, so this is no
longer an issue.
47539: In the DNS view, the Type column now displays the expected values rather than numeric
codes.
47527: In the Snapshot settings, deselecting the Hidden Processes option now results in the
expected exclusion of hidden processes in the Analysis Browser's Hidden Processes View.
46718: In the Analysis Browser, row numbers in the table now match row numbers at the bottom
of the page in the page controller.
46624: When viewing Snapshot job results in the Analysis Browser, the Dixon box reflecting the
number of selected rows now includes all rows in all pages rather than only the rows in the first
page.
2013 Guidance Software, Inc. All rights reserved. Information in these release notes is subject to change without notice
and is provided for informational purposes only.
47
UI/Controls
68463: After creating bookmarks in the Transcript tab, a system failure no longer occurs in the
Bookmarks tab when switching between its View pane's Fields and Report tabs.
68411: As expected, when you choose the Print to PDF option in the Evidence tab, a PDF file is
created and EnCase does not freeze.
68202: The Results tab no longer displays data in Trable or Tree modes. Sorts in the Results tab
are only available in Table or Tree Table modes.
67635: In Search view, EnCase did not display correct information in the Name column. The
correct name now displays.
67558: Records view now correctly updates and corresponds with Evidence view for manually
mounted files.
67297: In the index search Results tab, the SocialSecurity option has been changed to
GovernmentID.
64518: In Sweep Enterprise, the servlet deployment option is now enabled or disabled according
to role permissions.
52776: The true path column in Search view displayed an incorrect path for some items. This is
fixed.
Known Limitations
65853: Files contained within a compound file go undetected when running a condition or filter.
Filters now search recursively for items that satisfy the logic of the filter, starting from the current
device; so if the user has drilled into a .zip file, the first folder to be searched is the .zip file, not the
device it belongs to.
68536: When attempting to connect to a Linux target using the Sweep Check-in option, the servlet
may crash. This is a known limitation on Linux. The servlet may crash on some Linux distributions
when it tries to resolve the SAFE's name to the IP address. In order to avoid this issue, use the IP
address instead of the host name for the SAFE address during SAFE installation.
62045: View File Structure does not display entry slack in Logical Evidence Files.
Found in 7.08.02
67680: When running enlinuxpc64, the auto update keeps the servlet at the latest version, but
does not switch automatically from 32- to 64-bit. In order to switch to 64-bit servlets on 64-bit Linux
kernels, the first time you must update manually.
2013 Guidance Software, Inc. All rights reserved. Information in these release notes is subject to change without notice
and is provided for informational purposes only.
48
Found In 7.08.01
67028: EnCase becomes unstable when you drag and drop evidence into a case while a sort
operation is running.
2013 Guidance Software, Inc. All rights reserved. Information in these release notes is subject to change without notice
and is provided for informational purposes only.
49
2013 Guidance Software, Inc. All rights reserved. Information in these release notes is subject to change without notice
and is provided for informational purposes only.
50
Encryption Support
EnCase now supports the following encryption products.
Vendor
Product
Supported Versions
64-bit Support
Check Point
Yes
Credant
Mobile Guardian
No
GuardianEdge
Encryption Plus/Anywhere
7 and 8
No
GuardianEdge
Yes
McAfee
4, 5, 6, 7 (for Windows
Yes (for Versions
and Macintosh computers) 4 and 5)
Microsoft
Yes
Sophos
Symantec
Yes
Symantec
Endpoint Encryption
Yes
WinMagic
No
USGCB Compliance
EnCase has been validated as USGCB compliant using the following version of NIST VHD
images:
10/14/11 (for Windows 7 only)
EnCase was tested using Retina Network Security Scanner, which is an NIST validated USGCB
scanner (http://usgcb.nist.gov/usgcb/microsoft_content.html).
2013 Guidance Software, Inc. All rights reserved. Information in these release notes is subject to change without notice
and is provided for informational purposes only.
51
Support
Technical assistance is available online at http://www.guidancesoftware.com/technicalsupport.htm. From this page you can register for and access the Guidance Software Support
Portal, an invaluable resource providing product-specific technical forums, an extensive
knowledge base, a bug tracking database, and an Online Submission Form for your questions.
Technical Support
Guidance Software offers several technical support options, including:
Live Chat
Telephone
Customer Service
Please direct service questions to the Guidance Software Customer Service Department:
MondayFriday 7 AM5 PM Pacific time
Phone: (626) 229-9191, press 5
Fax: (626) 229-9199
Email: customerservice@guidancesoftware.com
1055 E. Colorado Blvd.
Pasadena, CA 91106-2375
You can access our Customer Service Request Form online at
http://www.guidancesoftware.com/CustomerServiceRequest.aspx.
2013 Guidance Software, Inc. All rights reserved. Information in these release notes is subject to change without notice
and is provided for informational purposes only.
52