±Forensic Focus Partners
New Today: 2
New Yesterday: 4
±Forensic Focus Partner Links
· SQLite Database Forensics – ‘Sleep Cycle’ Case Study
· Data Recovery As A Medium For Email Forensics
· Carving out the Difference between Computer Forensics and E-Discovery
· Forensic Analysis of SQLite Databases: Free Lists, Write Ahead Log, Unallocated Space and Carving
· How Secure Is Your Password? A Friendly Advice from a Company That Breaks Passwords
· Using SQL as a date/time conversion tool
· Forensics and Bitcoin
· Investigation and Intelligence Framework (IIF) – an evidence extraction model for investigation
· Extracting data from dump of mobile devices running Android operating system
ProDiscover vs. Encase/FTK 2
The only reviews I can find on the software are in SC Magazine, but I read on here that the magazine is pretty much bogus. If anyone has used ProDiscover recently and has some useful input, I would appreciate it.
I can answer specific questions for you. I no longer use FTK (1.8 or 2.x) because my dongles have expired and they are rather expensive. I do have EnCase, but writing a full-on evaluation between EnCase and ProDiscover isn't something I really have the time for. I will say, though, that I like ProDiscover because it's more intuitive and I can easily write scripts to help me do what I need to do.
- Senior Member
From what I have seen people just starting out will use an EnCase or an FTK because they are somewhat of a "Jack of all Trades". But as you continue to grow as an examiner you begin to learn that there are many tools that do specific things much better than those tools. Dont get me wrong EnCase, ProDiscover and FTK are invaluable tools for this industry and I think most will agree that having at least one of the major platforms in your toolbelt is a must but we dont rely on those tools only.
- Senior Member
I and others in our shop have had issues with both crashing, but sometimes ProDiscover can be real touchy. I have used to preview a machine over the wire and grab relevant details of a system for malware and policy violation investigations.
It certainly helps to be on the same subnet as your target machine,
I have not played with 5.5 yet but it sounds interesting. Due to our network full disk images are usually not an option, so an effective way to grab relevant files and details is helpful, so I need to check out the logical file collection capability