{"product_id":10052,"v_id":10052,"product_name":"EnCase Enterprise Version 6.8","certification_status":"Not Certified","certification_date":"2008-11-20T00:11:00Z","tech_type":"Enterprise Security Management","vendor_id":{"name":"Guidance Software, Inc.","website":"www.guidancesoftware.com"},"vendor_poc":"Gus Quiroga, Sr. Product Manager","vendor_phone":"626.229-9191 x102","vendor_email":"gus.quiroga@guidancesoftware.com ","assigned_lab":{"cctl_name":"Leidos Common Criteria Testing Laboratory"},"product_description":"<p>The Target of Evaluation (TOE) is Guidance Software EnCase<sup>&reg;</sup> Enterprise V6.8, henceforth referred to as Encase Enterprise.</p>\r\n<p>EnCase Enterprise is designed for corporate and government organizations that need the ability to perform internal computer investigations of all types. It establishes an investigative infrastructure that provides network-enabled search, identification, preservation, analysis and reporting of digital evidence on employee computers and file servers for the purposes of internal investigations such as fraud, HR matters and computer incident analysis and response. The solution views data at the binary level, providing the capability to find hidden files such as rootkits and identify zero-day exploits. In addition the software provides the ability to remediate malicious processes, and serves as a platform for add-on data discovery capabilities (not included in the evaluated configuration) for the purposes of sensitive data auditing and eDiscovery.</p>","evaluation_configuration":null,"security_evaluation_summary":"<p>The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process. The criteria against which EnCase Enterprise was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 2.3.  The evaluation methodology used by the Evaluation Team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 2.3.  Science Applications International Corporation (SAIC) determined that the evaluation assurance level (EAL) for the product is the EAL2 family of assurance requirements.  The product satisfies all of the security functional requirements stated in the Guidance Software EnCase Enterprise Security Target, when configured as specified in the EnCase Enterprise V6.8 Admin Manual, EnCase Enterprise V6.8 User Manual, and EnCase Enterprise V6.8 User Documentation Errata Sheet.</p>\r\n<p>A validation team on behalf of the CCEVS Validation Body monitored the evaluation carried out by SAIC.  The evaluation was completed in June 2008.  Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report (report number CCEVS-VR-VID10052-2008), prepared by CCEVS.</p>","environmental_strengths":"<p>EnCase Enterprise provides a low to moderate level of independently assured security in a conventional TOE and is suitable for a cooperative non-hostile environment with good physical access security and competent administrators.</p>\r\n<p>EnCase Enterprise implements the following security functions:</p>\r\n<ul>\r\n<li> <strong>Security Audit</strong> - EnCase Enterprise generates log files of the transactions that occur at the SAFE.&nbsp; Audit logs include information for each audited event, including the identity of the responsible user.&nbsp; EnCase Enterprise also gives authorized administrators the ability to perform an audit log review.</li>\r\n<br />\r\n<li> <strong>Cryptographic Support</strong> - The TOE cryptographic capabilities are provided by the EnCase Enterprise Cryptographic Module 1.0, which is a FIPS 140-2 validated cryptographic module (certificate #942).</li>\r\n<br />\r\n<li> <strong>User Data Protection</strong> - EnCase Enterprise restricts access to the network resources (target nodes) based upon the role assigned to the user.</li>\r\n<br />\r\n<li> <strong>Identification and Authentication</strong> - EnCase Enterprise ensures that users are identified and authenticated prior to allowing them the ability to access its security functions. Users are identified with a user name and authenticated with a password. User attributes include user name, authentication data (password), role, permissions, and permitted node IP addresses.</li>\r\n<br />\r\n<li> <strong>Security Management</strong> - EnCase Enterprise provides two security management roles: keymaster and administrators.&nbsp; EnCase Enterprise provides the keymaster and authorized administrator with a graphical user interface (GUI) that can be used to configure and modify EnCase Enterprise options.&nbsp; There are several modules available to the keymaster and authorized administrator, such as manage user accounts and modify the behavior of the Access Control Policy.&nbsp; Only the keymaster and authorized administrators can modify the behavior of EnCase Enterprise&rsquo;s security functions.</li>\r\n<br />\r\n<li> <strong>Protection of the TSF</strong> - As a product that is inherently distributed across a network, information passed between separate parts of EnCase Enterprise are encrypted to ensure that information is neither intercepted, nor modified between two parts of the system.&nbsp; In addition, EnCase Enterprise ensures that the security enforcement functions are both invoked and successful before each function within EnCase Enterprise&rsquo;s scope of control is allowed to proceed.</li>\r\n</ul>","features":[]}