What Forensic Software do you recommend if buying personally

77 Posts
16 Users
0 Likes
5,086 Views
(@reedsie)
Posts: 48
Eminent Member
Topic starter
 

I recently passed my GCFA and was curious as to what software is good for analyzing data/memory and indexing files in allocated and unallocated space.

I realize everyone is going to say FTK or EnCase, but keep in mind I am buying this with my own proceeds, not the company's, so what software program can you recommend?

I currently use Helix Pro & FTK Imager for obtaining images.

Any advice or insight would be great.

 
Posted : 16/12/2009 3:38 am
(@armresl)
Posts: 1011
Noble Member
 

The best is the best; you can't be on a budget for software. For the most part every examiner has a copy of EnCase and FTK in their toolbox, so it would be good of you to get both.

Someone is having a sale on FTK in the for sale section. 2 copies for 3k, that is a steal.

 
Posted : 16/12/2009 3:45 am
(@reedsie)
Posts: 48
Eminent Member
Topic starter
 

I would love to if I had the money to do so….

Any other suggestions?

 
Posted : 16/12/2009 4:16 am
(@ba2llb)
Posts: 38
Eminent Member
 

I recommend you investigate the tools listed on the Open Source Digital Forensics web site. Also, "the Autopsy Forensic Browser is a graphical interface to the command line digital investigation analysis tools in The Sleuth Kit." (Brian Carrier)

 
Posted : 16/12/2009 6:14 am
(@reedsie)
Posts: 48
Eminent Member
Topic starter
 

Thanks, I have used this, and I am looking for commercial software to use.

How about X-Ways Forensics? WinHex to be exact.

Thanks

 
Posted : 16/12/2009 6:40 am
(@kovar)
Posts: 805
Prominent Member
 

Greetings,

X-Ways is the best value for the dollar if you're technically inclined. It is designed for knowledgeable analysts and the learning curve is a bit steep. Once you get up that curve, it is a very powerful, reliable tool.

-David

 
Posted : 16/12/2009 6:53 am
(@keydet89)
Posts: 3568
Famed Member
 

There's no need to purchase any software. There are enough free/open source solutions that a knowledgeable analyst could do everything that could be done with the commercial tools, and even more, using just what's freely available.

It's not about the tool… an analyst who's a "tool" will make a mess of a case regardless of whether they're using FTK or EnCase or anything else. There are plenty of free and open source solutions out there that a knowledgeable analyst can use to great effect.

I'm putting together an internal training package, and part of it includes analyzing an image. I'm doing the analysis, as well…oddly enough, I don't have any commercial tools at my disposal, but I'm already mostly completed with analysis AND reporting.

 
Posted : 16/12/2009 8:16 am
(@patrick4n6)
Posts: 650
Honorable Member
 

> There's no need to purchase any software. There are enough free/open source solutions that a knowledgeable analyst could do everything that could be done with the commercial tools, and even more, using just what's freely available.
>
> It's not about the tool… an analyst who's a "tool" will make a mess of a case regardless of whether they're using FTK or EnCase or anything else. There are plenty of free and open source solutions out there that a knowledgeable analyst can use to great effect.
>
> I'm putting together an internal training package, and part of it includes analyzing an image. I'm doing the analysis, as well… oddly enough, I don't have any commercial tools at my disposal, but I'm already mostly completed with analysis AND reporting.

I could walk to the shops every time I need food and carry the bags back, but prefer to drive. Or perhaps I should have a farm in my back yard and grow my own food?

Automation - once validated - can save a considerable amount of time for repetitive tasks and if you're looking for a tool set that automates some of those tasks, then that's your prerogative and frankly the smart option. Just make sure you understand what you are doing, and don't just rely on your tool because the maker tells you so. Like I said, validate.

I use FTK because I have a lot of experience with it and have training on it, and I use X-Ways because it's both inexpensive and really raw and powerful, which makes it fantastic for validating results. For imaging, there are plenty of free solutions like the 2 you indicated, so don't be fooled into paying unless you really want a hardware solution, although remember that FTK Imager requires a hardware write blocker to be forensically sound when imaging HDDs. All live boot disks have shortcomings in so far as limited compatibility, so be prepared for them to fail in the field and plan for a backup solution.

If you're just doing what you said in your OP, then X-Ways will likely do the job for you for analysis of disks. Memory stuff is still evolving and there are multiple free solutions if you want to save money. I can't recommend any specific one yet.

 
Posted : 16/12/2009 8:40 am
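The post above makes validation the deciding factor, and the cheapest validation step in any workflow is confirming that the image you are about to analyze still matches the hashes recorded at acquisition. The script below is an added example, not code from this thread or from FTK Imager, X-Ways or EnCase; the "algorithm: hexdigest" manifest format and the sample image bytes are constructed for the demonstration, standing in for whatever hash record your imaging tool writes.

```python
"""Verify an acquired disk image against the hashes recorded at acquisition.

Added example, not code from the forum thread or from any tool it names.
The manifest format is a constructed stand-in for a real acquisition log.
"""
import hashlib
import io
from typing import Dict, Iterable

CHUNK = 1024 * 1024  # hash in 1 MiB chunks so multi-GB images never sit in RAM


def hash_stream(stream, algorithms: Iterable[str] = ("md5", "sha1", "sha256")) -> Dict[str, str]:
    """Read the image once and update every requested digest from each chunk."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    while True:
        block = stream.read(CHUNK)
        if not block:
            break
        for h in hashers.values():
            h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def parse_manifest(text: str) -> Dict[str, str]:
    """Parse 'algorithm: hexdigest' lines (constructed format); comments and blanks are skipped."""
    expected: Dict[str, str] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        algo, digest = line.split(":", 1)
        expected[algo.strip().lower()] = digest.strip().lower()
    return expected


def verify_image(stream, manifest_text: str) -> Dict[str, bool]:
    """Return {algorithm: matched} for every algorithm the manifest records."""
    expected = parse_manifest(manifest_text)
    actual = hash_stream(stream, expected.keys())
    return {algo: actual[algo] == digest for algo, digest in expected.items()}


# Constructed sample: a tiny "image" standing in for a raw dd capture.
SAMPLE_IMAGE = b"MBR" + b"\x00" * 509 + b"\x55\xaa" + b"filesystem payload" * 64
# Constructed acquisition record, as an imaging tool might have written it.
SAMPLE_MANIFEST = (
    "# constructed acquisition record\n"
    f"MD5: {hashlib.md5(SAMPLE_IMAGE).hexdigest()}\n"
    f"SHA1: {hashlib.sha1(SAMPLE_IMAGE).hexdigest()}\n"
)


def demo_intact() -> Dict[str, bool]:
    """Unchanged image: every recorded digest must match."""
    return verify_image(io.BytesIO(SAMPLE_IMAGE), SAMPLE_MANIFEST)


def demo_tampered() -> Dict[str, bool]:
    """Flip one bit in the last byte: every recorded digest must now mismatch."""
    damaged = SAMPLE_IMAGE[:-1] + bytes([SAMPLE_IMAGE[-1] ^ 0x01])
    return verify_image(io.BytesIO(damaged), SAMPLE_MANIFEST)


if __name__ == "__main__":
    print("intact image:  ", demo_intact())
    print("tampered image:", demo_tampered())
```

To run it against a real capture, open the image file in binary mode and pass it to `verify_image` together with the contents of the tool's hash record (adapted to the manifest format above). Hashing every algorithm in one pass matters on large evidence files: a second read of a terabyte image costs more than computing the extra digest.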
(@douglasbrush)
Posts: 812
Prominent Member
 

> There's no need to purchase any software. There are enough free/open source solutions that a knowledgeable analyst could do everything that could be done with the commercial tools, and even more, using just what's freely available.
>
> It's not about the tool… an analyst who's a "tool" will make a mess of a case regardless of whether they're using FTK or EnCase or anything else. There are plenty of free and open source solutions out there that a knowledgeable analyst can use to great effect.
>
> I'm putting together an internal training package, and part of it includes analyzing an image. I'm doing the analysis, as well… oddly enough, I don't have any commercial tools at my disposal, but I'm already mostly completed with analysis AND reporting.

Agreed with Harlan. The past year I have purchased both collection software and analysis software and find myself gravitating to the less expensive niche software packages more and more for both tasks. I am not trying to be anti-commercial, but the free or lower cost targeted solutions do such a fine job that I have a harder time justifying the cost of the larger "name brand software". Those are great pieces of software and I do train and use them all the time but the real winners for me are the narrow focus tools. It really depends on what type of clients you are serving and what the deliverables are.

 
Posted : 16/12/2009 10:58 am
(@reedsie)
Posts: 48
Eminent Member
Topic starter
 

Awesome, I would like to thank all of you for your responses.

I agree some of the open source tools are wonderful, but that being said, they are time-consuming, so some automated tools would be excellent for analyzing bigger images.

I am aiming towards WinHex; I have downloaded part of the version and used it, and I honestly like it so far. I also agree that, depending on the situation, which tool to use is critical. I honestly love the open source Linux tools, but they take forever and a day to complete. I understand you need to be able to explain exactly what the tools are doing and I can do that; it's just more about automating and speeding up the process!

In regards to the clients, I honestly don't know yet. I am looking to get into consulting in addition to my primary Systems Manager position. Unfortunately, I am in Michigan, so I need to get a PI license, so it's a little longer process. I'm evaluating my options and honestly haven't looked out in the private sector to see what, if anything, is really available.

Thanks for all of your insight, and if any other suggestions come up, shoot them over to me!

 
Posted : 16/12/2009 7:07 pm
Page 1 / 8