AD Enterprise versus Endpoint Investigator

Forensic software discussion (commercial and open source/freeware). Strictly no advertising.
 
  

LFisher
Newbie
 

AD Enterprise versus Endpoint Investigator

Post Posted: Jan 16, 20 19:20

Does anyone have any opinions on AD Enterprise versus Endpoint Investigator? We currently use EnCase Basic for remote acquisitions/forensics. But since EnCase Basic has been replaced with Endpoint Investigator (and won't support macOS Catalina 10.15) we are evaluating which product we will be moving to. AXIOM doesn't anticipate a solution until late 2020 from what I've determined. Any words of wisdom between these 2 products would be greatly appreciated.
 
  

hommy0
Senior Member
 

Re: AD Enterprise versus Endpoint Investigator

Post Posted: Jan 17, 20 09:03

Hi,

Can you confirm what you mean by "Endpoint Investigator (and won't support macOS Catalina 10.15)"?

If you are talking about Agent deployment and running on the Mac endpoint for remote acquisitions and forensics, I believe the recent release (8.11) of Endpoint Investigator has the agent that will run on Catalina.

Have you reached out recently to OpenText?

I have never used AD Enterprise, but have EnCase Endpoint Investigator/Forensic.

Other threads on this forum have commented about remote preview and acquisition of a Mac with a T2 chip, which was demonstrated at EnFuse using a beta of EnCase.

Regards  
 
  

MagnetForensics
Member
 

Re: AD Enterprise versus Endpoint Investigator

Post Posted: Jan 17, 20 20:38

Hi LFisher,

We’ve heard consistently from our customers that they don’t have a satisfactory solution for remote acquisitions of macOS devices, and AXIOM may be an option sooner than you think :). We’ll be formally launching AXIOM Cyber soon, and the team is already hard at work on adding support for macOS devices to the remote acquisition capability in AXIOM Cyber, with a focus on logical file collections. We’re hoping to have early access to this capability as soon as the Magnet User Summit 2020 in May. Hope to see you there!

Jad  
 
  

LFisher
Newbie
 

Re: AD Enterprise versus Endpoint Investigator

Post Posted: Jan 21, 20 12:15

Hi Jad,

When I researched with your team early last year they were anticipating having something available in 2Q2020 or 3Q2020. Unfortunately, we are looking for a solution sooner than that.

Thanks for the response.  
 
  

LFisher
Newbie
 

Re: AD Enterprise versus Endpoint Investigator

Post Posted: Jan 21, 20 12:31

Hi Hommy0,

Yes, I am talking about the Agent deployment and running on the Mac endpoint for remote acquisitions and forensics. We currently use EnCase Basic, which is the predecessor to Endpoint Investigator (EI). Unfortunately, according to OpenText the EnCase Basic servlet does not support APFS (and is generating errors on our Catalina endpoints) but EI does. However, the cost to switch from EnCase Basic to EI will be significant, which is the reason we are evaluating EI versus AccessData's Enterprise tool. In addition, we have had quite a few issues with OpenText's technical support team that we never encountered when they were Guidance Software.

Any additional feedback would be welcome.  
 
  

mjpetersen
Member
 

Re: AD Enterprise versus Endpoint Investigator

Post Posted: Jan 21, 20 14:52

We had the same issue as you noted with the support (especially when Guidance was being bought). We have since migrated to AD Enterprise (as well as AD E-Discovery); however, we are not looking at APFS systems. We have been using the AD Enterprise and have used the remote acquisition on numerous systems with some issues and successes. AD Enterprise does have servlets for Mac systems; however, we have not used them. For the initial review, AD took more time than EnCase Enterprise. The issue is when you go to acquire, then it is really slow. If you lose connection to the host, you will need to re-acquire from the beginning.

Have you looked into F-Response and X-Ways?  
 
