
What you didn’t know your OpenText Endpoint Investigator (EnCase) could do

Blog: OpenText Blogs


If you're already using OpenText™ Endpoint Investigator, you're likely familiar with its powerful digital forensic capabilities. As the pioneer in endpoint data collection, it has long been trusted for uncovering hidden threats, gathering court-admissible evidence, and supporting investigations across enterprises and government agencies, both on and off VPN. However, what you may not know is that with the 25.3 release, this power has expanded significantly, and your existing investment has become a launchpad for integrated incident response.

From EnCase to OpenText: A platform reimagined

Formerly known as EnCase Endpoint Investigator, the solution has now been fully rebranded as OpenText Endpoint Investigator. But this isn’t just a name change - it reflects a strategic evolution in OpenText’s cybersecurity portfolio. The EnCase engine you’ve trusted for decades is still at the heart of our DFIR portfolio, but it's now part of a broader and more innovative platform designed to deliver both significant enhancements to digital forensic investigation capabilities and near real-time incident response.

With version 25.3, OpenText Endpoint Investigator introduced a series of upgrades that streamline investigation workflows and modernize the user experience. These include:

  • Scaling of investigations to more than 1,000,000 endpoints for large-scale enterprise environments, including off-corp endpoints
  • An endpoint visibility dashboard giving a centralized view of all endpoint agents, their communication status and job history
  • A modern web-based interface for faster navigation and remote collaboration
  • Accelerated collections using chunked evidence retrieval for faster forensic imaging
  • Enhanced timeline visualizations and snapshot intelligence for deeper insight into endpoint behavior
  • Intelligent artifact-based workflows to help prioritize artifacts for fast triage
  • Zero-trust policy alignment, with off-VPN collection and remote access
  • Multi-user collaboration for shared investigations and parallel workflows
  • Automated agent deployment and API integration for SIEM, SOAR, and EDR tools

Together, these updates make OpenText Endpoint Investigator faster, more scalable, and better suited for distributed, hybrid workforces. But when it comes down to it, OpenText Endpoint Investigator is only the “DF” portion of DFIR. Adding incident response (IR) to digital forensics (DF) is essential to achieving full DFIR functionality because it enables security teams not only to understand what happened, but to take immediate, coordinated action to contain and remediate threats, closing the gap between insight and response.

Welcome to the next generation of DFIR: OpenText™ Endpoint Forensics & Response

The next-generation platform on which OpenText Endpoint Investigator 25.3 is built is the foundation for OpenText Endpoint Forensics & Response, combining best-in-class forensic depth with live containment, remediation, and automated response capabilities. It’s still the powerful EnCase technology under the hood, but now with the reach, speed, and integration SOC teams need to stay ahead of today’s threats.

In the past, many organizations had to juggle multiple tools to perform a complete investigation: one for evidence collection, another for forensic analysis, and yet another for containment or remediation. That tool sprawl created delays, increased complexity, and elevated risk.

Today’s threat landscape is faster, stealthier, and more complex than ever. Traditional security tools often miss lateral movement, credential abuse, and insider threats until it’s too late. SOC teams need more than retrospective analysis; they need the ability to act in real-time.

OpenText Endpoint Forensics & Response delivers just that. It takes the forensic foundation you already know and trust, and layers in incident response capabilities like:

  • Near real-time endpoint isolation
  • File and process remediation
  • Registry key interrogation and modification
  • On-demand IoC scanning and YARA rule matching

And the best part? It does all of this within the same intuitive, scalable platform.

With OpenText Endpoint Forensics & Response, silos disappear. Forensic investigators and incident responders work in a unified environment where they can:

  • Collect artifacts, triage suspicious activity, and analyze user behavior
  • Isolate compromised hosts without removing them from the investigation
  • Terminate malicious processes or delete harmful files during a live investigation
  • Respond to threats in near-real time, without waiting for full disk images or switching platforms

This means faster containment, reduced dwell time, and better outcomes for your security team.

Real-world use case examples

Here’s how organizations would be able to take advantage of the digital forensics investigation capability that comes from OpenText Endpoint Investigator and combine it with the incident response functionality associated with OpenText Endpoint Forensics & Response:

Ransomware Containment: assume a threat actor launched a ransomware variant against a regional healthcare provider, and the provider was using OpenText Endpoint Investigator to identify the initial point of infection. With OpenText Forensics & Response enabled, they can isolate affected systems, terminate encryption processes, and initiate recovery - all without switching tools or involving third-party software.

Insider Threat Detection: what if a global manufacturing company faced repeated IP theft from internal sources? Using the timeline and artifact features in OpenText Endpoint Investigator, the SOC team could pinpoint suspicious access patterns. However, by implementing OpenText Endpoint Forensics & Response, they would also be able to remotely interrogate registry keys, confirm the presence of malicious tools, and quietly isolate the user’s machine for deeper analysis.

Cloud Credential Abuse: if a financial services organization detected unusual login behavior, they could use the IoC scanning functionality in OpenText Endpoint Forensics & Response to detect credential attacks across multiple endpoints. By combining the evidence collection capabilities they already had with OpenText Endpoint Investigator with rapid triage and response, they would be able to stop the attack before sensitive data was exfiltrated.

What if I already have OpenText Endpoint Investigator?

If you're already using OpenText Endpoint Investigator, you're in a strong position to level up your DFIR capabilities. OpenText offers a free 45-day trial of OpenText Endpoint Forensics & Response that builds on your current deployment with a simple add-on license. The best part is there's no need to rip and replace your current technology stack to get the incident response functionality associated with OpenText Endpoint Forensics & Response. You can activate incident response features like real-time endpoint isolation, process remediation, and IoC scanning within the same interface and architecture you're already using. Just contact an OpenText DFIR account representative to learn how to enable the trial and explore how your existing forensic workflows can evolve into full-spectrum digital forensics and incident response.

Using another tool? Why it’s time to consider OpenText

For organizations using another digital forensic solution, transitioning to OpenText Endpoint Forensics & Response is a strategic upgrade that consolidates investigation and response into a single, unified platform. Simply purchase the OpenText Endpoint Forensics & Response license and you get both digital forensics and incident response capability right off the bat. Just contact us here and learn how you can take advantage of significant savings when you adopt the OpenText DFIR platform.

Final thoughts

The line between digital forensics and incident response is blurring, and for good reason. Threats don’t wait for analysis, and your team shouldn’t have to wait to respond.

With OpenText Endpoint Forensics & Response, the platform you trust for forensic depth now empowers you to act with incident response agility and provides the ultimate value. The platform formerly known as EnCase may bring new speed, visibility, ease of use and control, but that’s just the beginning.

If you’re ready to go beyond investigation and start responding before damage is done, now’s the time to take a closer look at OpenText Endpoint Forensics & Response and bring even more value to your SOC.
