Posted: Wed Mar 14, 2012 12:44 pm Author: ner0 Location: South Carolina, USA We're looking at purchasing either EnCase 7 or FTK4 for our agency. Since both are relatively new, I've not been able to find too many reviews of the products. Ideally, we would like to purchase both, but our budget will limit us to only purchasing one for now. Which piece of software would you recommend to an agency that currently has no commercial forensic software?
Posted: Wed Mar 14, 2012 1:36 pm Author: PM_SQ Location: Montreal (Canada) I would strongly advise against buying EnCase 7 at the moment, because it is so buggy that it is practically unusable.
IMHO, I think that right now, between the two options, your best bet is to go with FTK. Use their specifications guide to configure your system properly, put your DB on a dedicated SSD. Try to find an AccessData Oracle DB installer disc because from my experience, PostgreSQL tends to crash FTK when working with moderately large cases (2 million + items).
Another possibility is to buy a used hand Encase 6 dongle (if you can still find one). We are still working with Encase 6 at the office (along with FTK) and it works very well.
But I really think you should stay as far away as possible from EnCase 7 at the moment. Browse through the Forensic Focus forums, you should see many threads about disappointed/angry users of Encase 7.
Posted: Thu Mar 15, 2012 1:48 am Author: GuidoZ Location: N.W. WA State Between those two choices, FTK4 is a clear winner in my book. As was said, Encase7 is very buggy and causing issues in lots of places. Our dept has FTK3 and EnCase6 - I've demo'd both of the newer ones and loved what I saw in FTK4. I've got some other all around recommendations, but that should be saved for the appropriate thread. =)
Posted: Thu Mar 15, 2012 2:36 am Author: johnny Location: UK Like the others I would strongly suggest you stay away from Encase version 7. It is unusable.
Version 6, on the other hand, is a superb piece of software for investigation.
I am not a big fan of FTK but others in my office love it. I find it good for carving out files for review but limited for investigation - just my personal view.
As others have suggested, I'd take a look at XWays - it's a powerful tool but not too pretty.
Posted: Thu Mar 15, 2012 5:37 am Author: Jonathan Location: London, UK While my list would be:
1. X-Ways Forensics
2. SIFT/open source tools
3. EnCase 6 with a load of custom EnScripts, followed very closely by...
4. FTK 3
5. FTK 4
EnCase 7 doesn't deserve a place on the list at this moment.All times are GMT - 6 Hours Page 1 of 7 Go to page 1, 2, 3, 4, 5, 6, 7Next:| |: http://www.forensicfocus.com/
