±Partners and Sponsors
New Today: 3
New Yesterday: 4
· Webmail Forensics – Digging deeper into Browsers and Mobile Applications
· Operation Endeavour: The Tip of the Iceberg?
· Forensic analysis of the ESE database in Internet Explorer 10
· WhatsApp – discovering timestamps of deleted messages
· Man In The Middle Attack: Forensics
· Extracting Evidence from Destroyed Skype Logs and Cleared SQLite Databases
· Windows 8 File History Analysis
· Understanding Rootkits: Using Memory Dump Analysis for Rootkit Detection
· Bitcoin Forensics Part II: The Secret Web Strikes Back
±Follow Forensic Focus
ProDiscover vs. Encase/FTK 2
The only reviews I can find on the software are in SC Magazine, but I read on here that the magazine is pretty much bogus. If anyone has used ProDiscover recently and has some useful input, I would appreciate it.
I can answer specific questions for you. I no longer use FTK (1.8 or 2.x) because my dongles have expired and they are rather expensive. I do have EnCase, but writing a full-on evaluation between EnCase and ProDiscover isn't something I really have the time for. I will say, though, that I like ProDiscover because it's more intuitive and I can easily write scripts to help me do what I need to do.
- Senior Member
From what I have seen people just starting out will use an EnCase or an FTK because they are somewhat of a "Jack of all Trades". But as you continue to grow as an examiner you begin to learn that there are many tools that do specific things much better than those tools. Dont get me wrong EnCase, ProDiscover and FTK are invaluable tools for this industry and I think most will agree that having at least one of the major platforms in your toolbelt is a must but we dont rely on those tools only.
- Senior Member
I and others in our shop have had issues with both crashing, but sometimes ProDiscover can be real touchy. I have used to preview a machine over the wire and grab relevant details of a system for malware and policy violation investigations.
It certainly helps to be on the same subnet as your target machine,
I have not played with 5.5 yet but it sounds interesting. Due to our network full disk images are usually not an option, so an effective way to grab relevant files and details is helpful, so I need to check out the logical file collection capability