Guidance Software

Guidance Software, Inc.
Company type: Subsidiary
Nasdaq: GUID
Industry: Digital Forensics, E-Discovery
Founded: 1997
Headquarters: Pasadena, CA
Area served: Worldwide
Products:
  • EnCase Analytics
  • EnCase Enterprise
  • EnCase eDiscovery
  • EnCase Cybersecurity
  • EnCase Forensic
  • EnCase Portable
  • Tableau Forensic
Revenue: US $91.9 million (2010)
Number of employees: 371
Parent: OpenText
Website: GuidanceSoftware.com

Guidance Software, Inc. was a public company (NASDAQ: GUID) founded in 1997. Headquartered in Pasadena, California, the company developed and provided software solutions for digital investigations primarily in the United States, Europe, the Middle East, Africa, and the Asia/Pacific Rim. [1] Guidance Software had offices in Brazil, Chicago, Houston, New York City, San Francisco, Singapore, United Kingdom and Washington, D.C., and employed approximately 371 employees. [2] On September 14, 2017, the company was acquired by OpenText. [3]

Best known for its EnCase digital investigations software, Guidance Software's product line was organized around four markets: digital forensics, endpoint security analytics, cyber security incident response, and e-discovery. [4] The company served law-enforcement and government agencies, as well as corporations in various industries, such as financial and insurance services, technology, defense contracting, telecom, pharmaceutical, healthcare, manufacturing, and retail. [5] The company operated through four business segments: products, professional services, training, and maintenance. It also operated two certification programs, for the EnCase Certified Examiner (EnCE) [6] and EnCase Certified eDiscovery Practitioner (EnCEP) [7] designations. In May 2010, the company completed the acquisition of Tableau, LLC. [8] In February 2012, Guidance Software acquired CaseCentral. [9]

Notable case mentions

Guidance Software has been noted in a number of high-profile use cases. In 2002, Guidance Software's EnCase was used in the murder trial of David Westerfield to examine his computers and disks to connect him to child pornography. That same year, EnCase was used by French police to uncover emails from now-convicted shoe bomber Richard Colvin Reid. [10]

In 2004, EnCase software was used in the trial of now-convicted Scott Peterson for the murder of his wife, Laci Peterson. Computer forensic experts used EnCase to examine Peterson's five computer hard drives, which provided valuable evidence that he had shopped online for a boat, studied water currents, bought a gift for his mistress in the weeks leading up to his wife's death, and showed interest in a computer map that included Brooks Island, where his wife was later found. [11]

In 2005, American serial killer Dennis Lynn Rader (also known as the BTK killer) sent a floppy disk to FOX affiliate KSAS-TV in Wichita, Kansas. Using EnCase, police were able to find metadata embedded in a deleted Microsoft Word document that was, unbeknownst to Rader, on the disk. The metadata contained "Christ Lutheran Church", and the document was marked as last modified by "Dennis." A search of the church website turned up Dennis Rader as president of the congregation council. Police began surveillance of Rader.

In 2011, following Sony Online Entertainment's multiple security breaches, Sony said it would be working with Data Forté, Guidance Software and Protiviti to resolve its PlayStation breach. [12] In May 2011, after the killing of Osama bin Laden, it was reported that an assault team of Navy SEALs removed computers, hard drives, USB sticks and DVDs from bin Laden's compound for forensic analysis. Based on a job description supporting the task, Guidance Software's EnCase is believed to be the tool selected for analysis of the electronic gear. [13] Later that year, Guidance Software's EnCase was noted as a forensic software tool used in the trial of Casey Anthony, following the death of her daughter Caylee Anthony. [14] Investigators used EnCase to search digital cameras and computers. Using the software, Detective Sandra Osborne of the Orange County Sheriff's Department found correctly and incorrectly spelled searches for the word "chloroform." [15]

Key Management

  • John Colbert - CEO
  • Victor Limongelli - CEO
  • Shawn McCreight - CTO and Founder
  • Frank Sansone - CFO
  • Barry Plaga - CFO
  • Sandy Gyenes - CHRO
  • Mark Harrington - General Counsel

Related Research Articles

A disk image is a snapshot of a storage device's structure and data typically stored in one or more computer files on another storage device. Traditionally, disk images were bit-by-bit copies of every sector on a hard disk often created for digital forensic purposes, but it is now common to only copy allocated data to reduce storage space. Compression and deduplication are commonly used to reduce the size of the image file set. Disk imaging is done for a variety of purposes including digital forensics, cloud computing, system administration, as part of a backup strategy, and legacy emulation as part of a digital preservation strategy. Disk images can be made in a variety of formats depending on the purpose. Virtual disk images are intended to be used for cloud computing, ISO images are intended to emulate optical media and raw disk images are used for forensic purposes. Proprietary formats are typically used by disk imaging software. Despite the benefits of disk imaging the storage costs can be high, management can be difficult and they can be time consuming to create.

USB flash drive: Data storage device

A USB flash drive is a data storage device that includes flash memory with an integrated USB interface. A typical USB drive is removable, rewritable, and smaller than an optical disc, and usually weighs less than 30 g (1 oz). Since first offered for sale in late 2000, the storage capacities of USB drives range from 8 to 256 gigabytes (GB), 512 

Computer forensics: Branch of digital forensic science

Computer forensics is a branch of digital forensic science pertaining to evidence found in computers and digital storage media. The goal of computer forensics is to examine digital media in a forensically sound manner with the aim of identifying, preserving, recovering, analyzing and presenting facts and opinions about the digital information.

File system: Format or program for storing files and directories

In computing, a file system or filesystem is a method and data structure that the operating system uses to control how data is stored and retrieved. Without a file system, data placed in a storage medium would be one large body of data with no way to tell where one piece of data stopped and the next began, or where any piece of data was located when it was time to retrieve it. By separating the data into pieces and giving each piece a name, the data are easily isolated and identified. Taking its name from the way a paper-based data management system is named, each group of data is called a "file". The structure and logic rules used to manage the groups of data and their names is called a "file system."

Data remanence is the residual representation of digital data that remains even after attempts have been made to remove or erase the data. This residue may result from data being left intact by a nominal file deletion operation, by reformatting of storage media that does not remove data previously written to the media, or through physical properties of the storage media that allow previously written data to be recovered. Data remanence may make inadvertent disclosure of sensitive information possible should the storage media be released into an uncontrolled environment.

In computing, data recovery is a process of retrieving deleted, inaccessible, lost, corrupted, damaged, or formatted data from secondary storage, removable media or files, when the data stored in them cannot be accessed in a usual way. The data is most often salvaged from storage media such as internal or external hard disk drives (HDDs), solid-state drives (SSDs), USB flash drives, magnetic tapes, CDs, DVDs, RAID subsystems, and other electronic devices. Recovery may be required due to physical damage to the storage devices or logical damage to the file system that prevents it from being mounted by the host operating system (OS).

Digital forensics: Branch of forensic science

Digital forensics is a branch of forensic science encompassing the recovery, investigation, examination, and analysis of material found in digital devices, often in relation to mobile devices and computer crime. The term "digital forensics" was originally used as a synonym for computer forensics but has expanded to cover investigation of all devices capable of storing digital data. With roots in the personal computing revolution of the late 1970s and early 1980s, the discipline evolved in a haphazard manner during the 1990s, and it was not until the early 21st century that national policies emerged.

Acronis Cyber Protect Home Office: Data protection software for personal users

Acronis Cyber Protect Home Office is a software package produced by Acronis International GmbH that aims to protect the system from ransomware and allows users to backup and restore files or entire systems from a backup archive, which was previously created using the software. Since 2020, Acronis Cyber Protect Home Office includes malware and Zoom protection. The software is used by technicians to deploy operating systems to computers and by academics to help restore computers following analysis of how viruses infect computers.

Database forensics

Database forensics is a branch of digital forensic science relating to the forensic study of databases and their related metadata.

The Sleuth Kit

The Sleuth Kit (TSK) is a library and collection of Unix- and Windows-based utilities for extracting data from disk drives and other storage so as to facilitate the forensic analysis of computer systems. It forms the foundation for Autopsy, a better known tool that is essentially a graphical user interface to the command line utilities bundled with The Sleuth Kit.

Disk encryption is a technology which protects information by converting it into code that cannot be deciphered easily by unauthorized people or processes. Disk encryption uses disk encryption software or hardware to encrypt every bit of data that goes on a disk or disk volume. It is used to prevent unauthorized access to data storage.

Anti–computer forensics or counter-forensics are techniques used to obstruct forensic analysis.

Device configuration overlay (DCO) is a hidden area on many of today's hard disk drives (HDDs). Usually when information is stored in either the DCO or host protected area (HPA), it is not accessible by the BIOS, OS, or the user. However, certain tools can be used to modify the HPA or DCO. The system uses the IDENTIFY_DEVICE command to determine the supported features of a given hard drive, but the DCO can report to this command that supported features are nonexistent or that the drive is smaller than it actually is. To determine the actual size and features of a disk, the DEVICE_CONFIGURATION_IDENTIFY command is used, and the output of this command can be compared to the output of IDENTIFY_DEVICE to see if a DCO is present on a given hard drive. Most major tools will remove the DCO in order to fully image a hard drive, using the DEVICE_CONFIGURATION_RESET command. This permanently alters the disk, unlike with the host protected area (HPA), which can be temporarily removed for a power cycle.

EnCase

EnCase is the shared technology within a suite of digital investigations products by Guidance Software. The software comes in several products designed for forensic, cyber security, security analytics, and e-discovery use. EnCase is traditionally used in forensics to recover evidence from seized hard drives. It allows the investigator to conduct in-depth analysis of user files to collect evidence such as documents, pictures, internet history and Windows Registry information.

File carving is the process of reassembling computer files from fragments in the absence of filesystem metadata.

Mobile device forensics: Recovery of evidence from mobile devices

Mobile device forensics is a branch of digital forensics relating to recovery of digital evidence or data from a mobile device under forensically sound conditions. The phrase mobile device usually refers to mobile phones; however, it can also relate to any digital device that has both internal memory and communication ability, including PDA devices, GPS devices and tablet computers.

Digital forensic process

The digital forensic process is a recognized scientific and forensic process used in digital forensics investigations. Forensics researcher Eoghan Casey defines it as a number of steps from the original incident alert through to reporting of findings. The process is predominantly used in computer and mobile forensic investigations and consists of three steps: acquisition, analysis and reporting.

Forensic search is an emerging field of computer forensics. Forensic search focuses on user created data such as email files, cell phone records, office documents, PDFs and other files that are easily interpreted by a person.

Advanced Digital Forensic Solutions, Inc. is a company based in Reston, Virginia, that develops tools for scanning suspect computers and digital devices to locate and extract data, a process known as digital forensics. Digital forensic tools scan mobile phones, computers and digital devices to collect intelligence or evidence of a crime to identify computers that contain content relevant to an investigation.

Gates Rubber Company v. Bando Chemical Industries, Ltd., et al. is a decision by the U.S. district court for the District of Colorado from May 1, 1996. It is considered a landmark decision in terms of expert witness court testimony in questions of electronic evidence and digital forensics.

References

  1. Yahoo!, retrieved 03 June 2011
  2. Guidance Software, archived 2011-07-23 at the Wayback Machine, retrieved 03 June 2011
  3. OpenText, retrieved 14 September 2017
  4. LinkedIn, retrieved 03 June 2011
  5. Bloomberg Businessweek, retrieved 03 June 2011
  6. Google Books, retrieved 10 September 2012
  7. GoCertify, archived 2012-08-17 at the Wayback Machine, retrieved 10 September 2012
  8. Reuters [dead link], retrieved 03 June 2011
  9. Reuters, retrieved 10 October 2012
  10. Government Technology, retrieved 03 June 2011
  11. Los Angeles Business Journal, archived 2008-05-14 at the Wayback Machine, retrieved 03 June 2011
  12. TIME, retrieved 03 June 2011
  13. CBS News, retrieved 03 June 2011
  14. WFTV 9, archived 2011-07-12 at the Wayback Machine, retrieved 30 June 2011
  15. WFTV 9, archived 2011-07-12 at the Wayback Machine, retrieved 30 June 2011