
Where do they fit? Belkasoft Evidence Center, OSForensics

tracedf
(@tracedf)
Posts: 169
Estimable Member
Topic starter
 

A number of forensic tools (Evidence Center, OSForensics) have come out that have the goal of being easier to use than the long-standing market leaders like EnCase, FTK, etc. At the same time as these tools seek to compete with products like EnCase, some of them also support importing their results back into EnCase so that the tools can be used together. I'm curious about how people are actually using these tools.

Do you use Evidence Center, OSForensics or any of the newer tools as your primary forensic suite in lieu of the traditional tools like EnCase or FTK? Do you use them together? Do you not use them at all? Do these tools seem better suited to certain types of cases or users (e.g. for internal HR investigations or for use by IT/Security staff)?

So far, the only suite I have significant experience with is EnCase.

 
Posted : 23/09/2015 11:11 pm
Igor_Michailov
(@igor_michailov)
Posts: 529
Honorable Member
 

Do you use Evidence Center, OSForensics or any of the newer tools as your primary forensic suite in lieu of the traditional tools like EnCase or FTK?

I use them for several cases.

Do you use them together?

I use them together for several cases.

Do you not use them at all?

Sometimes, I do not use them for cases with mobile devices. Usually I use Oxygen Forensic, UFED, XRY, Belkasoft for the cases.

Do these tools seem better suited to certain types of cases or users (e.g. for internal HR investigations or for use by IT/Security staff)?

Different cases need different forensic software.

 
Posted : 24/09/2015 12:14 am
Adam10541
(@adam10541)
Posts: 550
Honorable Member
 

I have Xways as my main tool, then go to Intella for email and e-discovery, UFED for mobile dumps and I also use IEF to parse the mobile dumps and for internet related artifacts.

I'm trialing Belkasoft Evidence Center now and considering taking that on as another tool for the kit. I also use a number of open source tools if/when the need arises.

I had a look at OSF forensics a few weeks ago, I revisit that every couple of years to see the improvements, it's developing well I think and it's not expensive but on my system it seems to have stability issues and runs very slow.

I don't think the tool used is as important as the understanding behind the evidence obtained.

 
Posted : 24/09/2015 5:04 am
tracedf
(@tracedf)
Posts: 169
Estimable Member
Topic starter
 

Adam, I've heard a few people speak well of XWays. What caused you to choose it? Had you used one of the more expensive alternatives before that?

Igor and Adam, thanks for the replies.

 
Posted : 26/09/2015 1:19 am
Igor_Michailov
(@igor_michailov)
Posts: 529
Honorable Member
 

I've heard a few people speak well of XWays.

A lot of forensic investigators and forensic experts love it. Especially in Europe.

One of my colleagues uses it. He told me that it is the fastest forensic software for his cases. It worked when other forensic tools crashed.

 
Posted : 26/09/2015 1:36 am
Adam10541
(@adam10541)
Posts: 550
Honorable Member
 

Adam, I've heard a few people speak well of XWays. What caused you to choose it? Had you used one of the more expensive alternatives before that?

Igor and Adam, thanks for the replies.

Tracedf, I'm former LE and our squad was fully EnCase but we generally got trained in lots of different tools and we could choose what we wanted to use, EnCase and FTK being the main two suites at that point. We had Stefan (Creator/owner/filesystem guru) over to train the entire team and it just made sense to me so I jumped in and haven't looked back.

Xways is very resource light on memory and CPU, very fast and reliable. EnCase was having some nasty crashing issues at that time which were frustrating, so that also made the switch over more attractive. Some cases we had running would take a day or two just to load in EnCase, whereas Xways loading was virtually instant and you were up and running.

There is a learning curve and I would highly recommend undertaking training at least once, more if you can as Xways is a more complicated tool to use and the logic in many cases is very "Stefan" which can be tough coming from FTK or EnCase.

Once you get your head around his way of thinking and doing things the software is actually very intuitive and the depth of functionality is excellent.

There is also a great book written by Brett Shavers and Eric Zimmerman (both regulars here) which is a must-have for this software; they break down a lot of the more advanced functions of Xways in a common sense approach.

 
Posted : 29/09/2015 7:14 am
(@belkasoft)
Posts: 169
Estimable Member
 

Hello everyone,

Thanks for the interesting discussion.

While Belkasoft Evidence Center offers some functions which EnCase or FTK offer, we position BEC as a great complementary tool to those rather than a competitor. We have a lot of features which both EnCase and FTK are missing, so having our tool along with any of the "big sharks" can give you better and quicker results. We are integrated with EnCase, so if this is your main tool you always have the possibility to import results back to EnCase.

However, what we are hearing all the time from our customers is that "80% of time BEC is enough to solve a case, so we need other tools just in 20% of rest cases". Besides, we hear that "BEC is much easier to use".

You are always welcome to check these statements yourself by requesting a free trial license at http://belkasoft.com/trial (just make sure you are using your business email).

 
Posted : 29/09/2015 10:52 pm