Hello everybody,

From the very beginnings of dtSearch engine and its standalone products (dtSearch Desktop, dtSearch CD, ... etc.), I have made a wide use of this product. It is quite fast and (as far as my works are concerned) quite reliable. However, I have heard some rumours from our competitors about dtSearch not being able to index some documents, hence lacking some information when conducting an investigation.

My first question now is about this dtSearch misbehaving: has anybody experienced this lack of info in the indexes? If so, under which circumstances?

Apart from your experiences with this suite of programs, I'd be very pleased if you could give me some other alternatives to dtSearch. I mean, what other Full Text Indexing tools do you usually use? What are the alternatives to dtSearch?

Regards!  

- iruiper

Hello everybody,

From the very beginnings of dtSearch engine and its standalone products (dtSearch Desktop, dtSearch CD, ... etc.), I have made a wide use of this product. It is quite fast and (as far as my works are concerned) quite reliable. However, I have heard some rumours from our competitors about dtSearch not being able to index some documents, hence lacking some information when conducting an investigation.

My first question now is about this dtSearch misbehaving: has anybody experienced this lack of info in the indexes? If so, under which circumstances?

Apart from your experiences with this suite of programs, I'd be very pleased if you could give me some other alternatives to dtSearch. I mean, what other Full Text Indexing tools do you usually use? What are the alternatives to dtSearch?

Regards!

I think the tool depends on the amount of data you have. dtSearch is good, but not for large scale review. Attenex can handle large amounts of data with a neat interface.

No tool/app will be able to handle/index all types of file types. Every tool will have exceptions. A proper tool should be able to document/log any exception files. Then it is up to you to tackle those files separately from your other data set.  

I agree with datacarver, no one tool suits all needs. In some cases the version of dtSearch that is in FTK is fine, but I also have standalone versions of network and web dtSearch.

Additionally I am using an appliance from humanizing technologies at a couple of larger corporate clients and here in the lab for really large data sets. Since the appliance is dedicated it is significantly faster than a PC and really good at narrowing searches even for people that cannot or do not want to write complex boolean strings.  

If you need to index PST files evaluate Mercury by MicroForensics.

If you use *nix evaluate glimpse.


Cheers!

farmerdude

www.forensicbootcd.com

www.onlineforensictraining.com  

- BitHead

I agree with datacarver, no one tool suits all needs. In some cases the version of dtSearch that is in FTK is fine, but I also have standalone versions of network and web dtSearch.

I agree, too. As you mentioned dtSearch with respect to FTK, I'll point out that one must be careful, as FTK (at least in 1.x) does not permit certain granularity settings that the stand alone dtSearch affords. An important example is the ability to include HTML code. Because that option is not available in FTK, an indexed search will miss text hidden by certain code. X-Ways Forensics offers an excellent indexed search capability that's not hindered by the aforementioned limitation. I've heard nothing but good things about Mercury, at least in regard to its use with EnCase.

Concerning indexing with forsnsic "suites," I've noted that many examiners index certain items unnecessarily. Why index JPGs or AVIs, for example (you must index JPGs in FTK if you wish to carve them)?  

Hey guys, following on from ablove, I'm interested if any one has found a good indexing tool. We have the usual (Nuix, intella, ftk, encase, xways etc). I have been thinking about a tool that can index contents and metadata to sql might also be good (only found the normal ones).  

As a supporter of Australian-made product I have used OSForensic (see www.osforensic.com). For less than AU$600 it is value for money and indexes exactly what it claims to. Of course, it also doesn't index the other file types so you need to make sure the files you are interested in are on the supported list.

I've run side-by-side comparisons on large email files and its been value for money against some of the "usual suspects" as well as some enterprise search engines.