Hi,

I'm a third year student based in the UK. I was going to purchase Encase 7 but from having a read around it sounds like it wont be worth the purchase. Anyone selling a version 6 dongle, please get in touch.  

I'm curious...why do you feel the need to purchase EnCase, with all of the other excellent and freely available tools that are out there?  

Most of my practical assignments spread over the rest of the academic year will be based on the usage of Encase. That plus the fact that it seems to be pretty much an industry standard seems like it would be useful for me to have outside of just scheduled lab sessions.

Which tools do you prefer?  

RegRipper, Perl (for creating my own tools), etc. Check any of my books.

There are tools such as Autopsy, SIFT, DFF, etc.

I guess that as much as I would hope that the "industry standard" would be for analysts to know enough about what they to do to make their choice of tool an educated and reasoned decision, what it really comes down to is, "everyone's doing it".  

- keydet89

I guess that as much as I would hope that the "industry standard" would be for analysts to know enough about what they to do to make their choice of tool an educated and reasoned decision, what it really comes down to is, "everyone's doing it".

Most computer forensics shops will dictate what tools their users use. If a company, as I expect most over here are, use encase then, they will probably want any of their other analysts to pick up where someone has left off - so standardisation will help. They may also be taking on a lot of defence work (or over here working for the police) - they may be required by the police to use a particular tool and/or they may receive evidence files (case files not images) in encase format.

So while I agree it would be great if an analyst coul dmake their choice, I think in reality they probbaly often can't.

IMO If the OP can afford it then he/she is right to go the route he is (and go for open source tools) it will not harm him when he comes to look for a job, and the fact that he has paid out for a tool does show a little more commitment.
_________________
Paul Sanderson
Reconnoitre, VSC processing made easy - www.sandersonforensics...oitre.html
www.twitter.com/sandersonforens 

anyone?  

If you can afford it get EnCase 7; you can download and use 6 too.

I see no point at all in specifically going for 6, it's been a legacy product for over a year with no new capabilities added to it. Want to view Mac Mail? Or view internet history from a version of Chrome or Firefox which has come out in the last year? Forget it. EnCase 6 will be even more useless by the time you get out into the field. If you must go for EnCase get the latest version. Better still go for X-Ways Forensics or the tools mentioned above.
_________________
Forensic Control
twitter.com/WeFindData