This chapter provides an overview of the entire EnCase process and examines its role in the field of forensic evidence collection and in the courtroom. The author of this chapter notes that EnCase by Guidance Software has become the leading forensic tool used by investigators of computer crimes. EnCase operates in a Windows environment and the author points out that the early pioneers of computer forensics operated in a DOS setting, believing that computer examinations should never take place in a Windows environment for fear that data would be routinely altered and written to the hard drive. However, these issues do not plague EnCase because this system directly mounts the bit-stream forensic images as read-only virtual drives. As such, EnCase has become a valuable tool in the collection of forensic evidence. This chapter discusses EnCase’s Evidence File, as well as its capabilities for analysis, restoring drives, and archiving drives. Figures, references