Symantec Endpoint Encryption support for EnCase forensics tools


Article ID: 178997


Updated On:


Endpoint Encryption


Beginning with SEE 11.1, EnCase forensics tools integration is supported. Assistance with this process would be provided by Guidance Software support (( or +1-866-973-6577) but will require access to the files listed below from one of your SEE clients.


Required files for Symantec 11 encryption:
  • PGPce.dll
  • PGPce.dll.sig
The files are located in the install path for Endpoint Encryption, typically C:\Program Files\Symantec\Endpoint Encryption Clients\Drive Encryption\

These files should be placed under [Encase_Installation_Dir]\Lib\PGP\WDE.

  1. Open new case, click on Add Evidence
  2. Add evidence file.
  3. Open evidence file.
  4. Dialog box for password pops-up.
  5. Enter the correct value and the evidence file opens