ProDiscover vs. Encase/FTK 2

Forensic software discussion (commercial and open source/freeware). Strictly no advertising.

Posted: Wed Mar 25, 2009 1:26 am

I have read some older posts on ProDiscover that essentially state it is not a very useful product, but good for the price. What about the most recent version? What are strengths and weaknesses of the package vs. Encase/FTK 2?

The only reviews I can find on the software are in SC Magazine, but I read on here that the magazine is pretty much bogus. If anyone has used ProDiscover recently and has some useful input, I would appreciate it.  

rjudy55
Member
 
 
  

Re: ProDiscover vs. Encase/FTK 2

Posted: Wed Mar 25, 2009 4:50 am

I use ProDiscover almost exclusively for Windows-based analysis, and use other tools as necessary. For example, for PCI-related examinations, I use EnCase as we have an EnScript that allows us to search for PANs and track data, reducing the amount of data that we need to go through. ProDiscover does not yet (v 5.5) have the ability to perform grep searches, but will soon...once it does, I will write a ProScript and perform testing.

I can answer specific questions for you. I no longer use FTK (1.8 or 2.x) because my dongles have expired and they are rather expensive. I do have EnCase, but writing a full-on evaluation between EnCase and ProDiscover isn't something I really have the time for. I will say, though, that I like ProDiscover because it's more intuitive and I can easily write scripts to help me do what I need to do.  

keydet89
Senior Member
 
 
  

Re: ProDiscover vs. Encase/FTK 2

Posted: Wed Mar 25, 2009 10:27 am

I agree with Harlan. EnCase has its benefits, but when it comes to the ability to write your own scripts, using the clunky EnScript language is very burdensome compared to using Perl, which is the ultimate data processing language (and very easy to learn for those who are not really programmers).

From what I have seen, people just starting out will use an EnCase or an FTK because they are somewhat of a "Jack of all Trades". But as you continue to grow as an examiner, you begin to learn that there are many tools that do specific things much better than those tools. Don't get me wrong, EnCase, ProDiscover and FTK are invaluable tools for this industry, and I think most will agree that having at least one of the major platforms in your toolbelt is a must, but we don't rely on those tools only.

gtorgersen
Senior Member
 
 
  

Re: ProDiscover vs. Encase/FTK 2

Posted: Fri Mar 27, 2009 9:48 am

I have used both and they both function and both have their issues.

I and others in our shop have had issues with both crashing, but sometimes ProDiscover can be real touchy. I have used it to preview a machine over the wire and grab relevant details of a system for malware and policy violation investigations.

It certainly helps to be on the same subnet as your target machine ;)

I have not played with 5.5 yet, but it sounds interesting. Due to our network, full disk images are usually not an option, so an effective way to grab relevant files and details is helpful, so I need to check out the logical file collection capability.

rwuiuc
Member
 
 