Guidance Software Launches Online Training Program

Yep, the headline says it all but here's a bit more blurb from the press release:

"The program’s inaugural offerings—EnCase Computer Forensics I, EnCase Enterprise Implementation and EnCase v6 Features—are now available on demand. EnCase Computer Forensics I, one of Guidance Software’s most popular training courses, includes 32 hours of course work in 28 separate blocks of training. This introductory course is a hands-on experience that involves practical exercises and real-life simulations. The class provides participants with an understanding of the proper handling of digital evidence from the initial seizure and acquisition of the computer/media, to data analysis, archival and validation. The EnCase Enterprise Implementation module explains initial installation and configuration of the EnCase Enterprise platform. The EnCase v6 Features module is an individual, two-hour block of training that provides users with the latest updates included in the recently launched version of EnCase Enterprise, including explanations on new features."

I'm a big fan of online training in principle but I look forward to seeing what people make of this program in practice. Also, a cursory glance at the Guidance website revealed no pricing details - does anyone have that information?

What happened to FTK 2?

A selection of comments from a recent forum thread:

"The product is good, but wow is it unpolished and slower than...well it's slow."

"What I find frightening is that regardless of which system its used on, the performance still sucks. I have a quad core w/ 8gb ram, striped raptors and oracle on a raid 5 and it doesn't make a difference."

"...the problems seen in the latest 2.0 release of the venerable AccessData Corp. product, Forensic Tool Kit (FTK 2.0), just seem deeper and wider than I've run into elsewhere...

"I helped the dept decide to buy 10 licensed copies of FTK 2.0 about 3 months ago. To my regret, it has not turned out well for us so far."

"What really hurt me was the [lack of] ability to save all your case data to independent HDD's for better control and storage. There were also cases where the client wanted all the work to be done on site. They did not want their data leaving the premisses. With FTK 2.0 that made it pretty much impossible."

Things don't get much better elsewhere:

"What little credibility Access Data had in the past, is now gone. At least under their old management, they could focus on doing one thing, right. Now, management is so distracted by trying to play the enterprise and eDiscovery market that they have forgotten their core competency. All we get now are empty promises, buggy code, horrible customer service and promises of vaporware. I just can't risk my own career credibility by continuing to invest in such a product. I am going to stick with Guidance, which is the gold standard in this space."

To be fair, it hasn't all been bad news:

"...it's not all grim for FTK fans. AccessData still has about the best Registry Viewer application on the market, and the FTK Imager is, hands down, the best acquisition application for an unbeatable price. The Password Recovery Toolkit is an able application, and AccessData's telephone product support is first rate." [Craig Ball]

and it should be noted that SC Magazine awarded FTK 2.0 a "Best Buy" rating.

Overall though, you'd be hard pressed, even after Access Data CEO Tim Leehealey's attempt to repair some of the damage here, to see this release as anything other than a disaster for FTK's reputation. That's sad news for Access Data, for us as practitioners - especially those who had such high hopes for this new product - and for anyone concerned about the lack of competition in this marketplace.

Matthew Shannon, F-Response - Interview questions please!

The release of F-Response has prompted some considerable interest within the forensics community within the last few weeks and with that in mind I'm delighted to introduce Matthew Shannon as an upcoming interviewee.

Matthew Shannon is a Principal at Agile Risk Management LLC as well as a Founder and the Chief Software Architect of F-Response, a vendor neutral solution to remote forensics and eDiscovery.

Matthew has nine years of professional experience in private industry, including KPMG LLP, ExxonMobil, and United Technologies. Matthew is also a well received speaker and author. He has instructed the United States Secret Service on specific digital forensics techniques and was a well received speaker at the DEFCON 11 annual Information Security conference in Las Vegas, Nevada. Additionally, Matthew has been published in the International Journal of Digital Evidence for his work on incorporating statistical inference into digital forensics investigations.

Matthew graduated cum laude from The University of Florida in Decision and Information Sciences (BSBA) in 1999. In addition, Matthew holds numerous professional information technology certifications, and is the developer of Nigilant32, Agile Risk Management's premier Windows first responder tool.

Please add your interview questions for Matthew to this forum post, thank you!