±Forensic Focus Partners
New Today: 0
New Yesterday: 3
· Extracting data from dump of mobile devices running Android operating system
· Development of Digital Forensic Tools on Mobile Device, a Potential Area to Consider?
· Can You Get That License Plate?
· How To Decrypt WeChat EnMicroMsg.db Database?
· A guide to RegRipper and the art of timeline building
· Recovering Evidence from SSD Drives in 2014: Understanding TRIM, Garbage Collection and Exclusions
· FT Cyber Security Summit 2014 – Recap
· Why Offender Profiling is Changing Thanks to Mobile Forensics and Increasingly ‘Social’ Criminal Activity
· Understanding Cyber Bullying – Notes for Digital Forensics Examiners
±Follow Forensic Focus
ProDiscover vs. Encase/FTK 2
The only reviews I can find on the software are in SC Magazine, but I read on here that the magazine is pretty much bogus. If anyone has used ProDiscover recently and has some useful input, I would appreciate it.
I can answer specific questions for you. I no longer use FTK (1.8 or 2.x) because my dongles have expired and they are rather expensive. I do have EnCase, but writing a full-on evaluation between EnCase and ProDiscover isn't something I really have the time for. I will say, though, that I like ProDiscover because it's more intuitive and I can easily write scripts to help me do what I need to do.
- Senior Member
From what I have seen people just starting out will use an EnCase or an FTK because they are somewhat of a "Jack of all Trades". But as you continue to grow as an examiner you begin to learn that there are many tools that do specific things much better than those tools. Dont get me wrong EnCase, ProDiscover and FTK are invaluable tools for this industry and I think most will agree that having at least one of the major platforms in your toolbelt is a must but we dont rely on those tools only.
- Senior Member
I and others in our shop have had issues with both crashing, but sometimes ProDiscover can be real touchy. I have used to preview a machine over the wire and grab relevant details of a system for malware and policy violation investigations.
It certainly helps to be on the same subnet as your target machine,
I have not played with 5.5 yet but it sounds interesting. Due to our network full disk images are usually not an option, so an effective way to grab relevant files and details is helpful, so I need to check out the logical file collection capability