Symantec Endpoint Encryption support for EnCase forensics tools

book

Article ID: 178997

calendar_today

Updated On:

Products

Endpoint Encryption

Issue/Introduction

Beginning with SEE 11.1, EnCase forensics tools integration is supported. Assistance with this process would be provided by Guidance Software support ((https://www.guidancesoftware.com/ or +1-866-973-6577) but will require access to the files listed below from one of your SEE clients.

Resolution

Required files for Symantec 11 encryption:
  • PGPce.dll
  • PGPce.dll.sig
The files are located in the install path for Endpoint Encryption, typically C:\Program Files\Symantec\Endpoint Encryption Clients\Drive Encryption\

These files should be placed under [Encase_Installation_Dir]\Lib\PGP\WDE.

Steps:
  1. Open new case, click on Add Evidence
  2. Add evidence file.
  3. Open evidence file.
  4. Dialog box for password pops-up.
  5. Enter the correct value and the evidence file opens