Forensic Explorer: ...
 
Notifications
Clear all

Forensic Explorer: looking for anyone with experience of use

13 Posts
5 Users
0 Likes
1,228 Views
benfindlay
(@benfindlay)
Posts: 142
Estimable Member
Topic starter
 

Hi all,

I'm just wondering if there's anyone out there using GetData's Forensic Explorer regularly on live cases who could weigh in on how it compares to say X-Ways and/or EnCase for features, performance etc.

I've downloaded the evaluation version and am so far quite impressed by it (admittedly I've only tested it against some small sample image files). I would just appreciate feedback from anyone using it for actual casework.

It seems to have a very affordable price for what it appears to be.

Thanks in advance,

Ben

 
Posted : 14/09/2016 1:03 am
UnallocatedClusters
(@unallocatedclusters)
Posts: 577
Honorable Member
 

Forensic Explorer (FEX) has very powerful file carving capabilities. I am a Forensic Explorer Certified Examiner.

FEX was able to carve (recover) deleted Gmail files and folders from a Windows OS machine that none of my other tools were able to recover.

 
Posted : 14/09/2016 6:55 am
benfindlay
(@benfindlay)
Posts: 142
Estimable Member
Topic starter
 

Forensic Explorer (FEX) has very powerful file carving capabilities. I am a Forensic Explorer Certified Examiner.

FEX was able to carve (recover) deleted Gmail files and folders from a Windows OS machine that none of my other tools were able to recover.

Thanks for your reply, it is much appreciated. Out of interest is it your primary tool, or more for secondary validation?

Also, when the maintenance expires, does it cease to work altogether, or will it keep working with whatever version was current at the time?

I've not come across anyone here in the UK that is using it that I am aware of. That being said, I've found a few blog articles in which the authors sing its praises.

It looks very impressive based on what I've seen so far.

Thanks again,

Ben

 
Posted : 14/09/2016 1:20 pm
tracedf
(@tracedf)
Posts: 169
Estimable Member
 

I just bought Forensic Explorer. So far, I've only used it on some old drive images to test, but it performs really well. EnCase has a broader feature set, largely because of all the third-party EnScripts available but Forensic Explorer is more stable and much faster. I'm planning to make it my primary tool.

 
Posted : 14/09/2016 8:03 pm
benfindlay
(@benfindlay)
Posts: 142
Estimable Member
Topic starter
 

I just bought Forensic Explorer. So far, I've only used it on some old drive images to test, but it performs really well. EnCase has a broader feature set, largely because of all the third-party EnScripts available but Forensic Explorer is more stable and much faster. I'm planning to make it my primary tool.

Thanks for your reply.

Forensic Explorer has its own scripting engine in Pascal though, right?

As someone who has just bought it, is there much of a community for sharing scripts etc, beyond the built-in ones? I noticed there's a "login" section on their website and wondered if there was a "community" section in there.

Cheers,

Ben

 
Posted : 14/09/2016 8:53 pm
tracedf
(@tracedf)
Posts: 169
Estimable Member
 

Forensic Explorer has its own scripting engine in Pascal though, right?

As someone who has just bought it, is there much of a community for sharing scripts etc, beyond the built-in ones? I noticed there's a "login" section on their website and wondered if there was a "community" section in there.

It is currently in Pascal but they are talking about a new engine using Python. I don't know how far they are on that or what the timeline is.

I will ask about sharing scripts. I'm not aware of a repository but that doesn't mean there isn't one.

Regards,

Steven

 
Posted : 15/09/2016 1:37 am
(@dcs1094)
Posts: 146
Estimable Member
 

I have used it briefly in the past albeit never to its full potential so cannot compare it too much with other tools. Believe in the end we had a couple licences as we were impressed with the overall ability (it could do everything we required it for). Very user-friendly interface and also 2nd the comment on the carving ability.

 
Posted : 15/09/2016 1:08 pm
benfindlay
(@benfindlay)
Posts: 142
Estimable Member
Topic starter
 

I have used it briefly in the past albeit never to its full potential so cannot compare it too much with other tools. Believe in the end we had a couple licences as we were impressed with the overall ability (it could do everything we required it for). Very user-friendly interface and also 2nd the comment on the carving ability.

That's good to know, thanks!

 
Posted : 15/09/2016 1:58 pm
UnallocatedClusters
(@unallocatedclusters)
Posts: 577
Honorable Member
 

Q "Thanks for your reply, it is much appreciated. Out of interest is it your primary tool, or more for secondary validation?"

A I setup databases in Axiom/IEF, Forensic Explorer and OSForensics for each drive I am examining. I like to see what evidence is common among the three tools and also investigate evidence that only one tool uncovered. I will also setup an Autopsy database sometimes if I think I am still missing something. Validation, validation, validation.

Q Also, when the maintenance expires, does it cease to work altogether, or will it keep working with whatever version was current at the time?

A I am not sure- I will see sometime in 2017.

Every tool has its strengths and weaknesses, but in my opinion GetData's main strengths are file carving and also Mount Image Pro image mounting capabilities.

 
Posted : 16/09/2016 2:03 am
benfindlay
(@benfindlay)
Posts: 142
Estimable Member
Topic starter
 

Q "Thanks for your reply, it is much appreciated. Out of interest is it your primary tool, or more for secondary validation?"

A I setup databases in Axiom/IEF, Forensic Explorer and OSForensics for each drive I am examining. I like to see what evidence is common among the three tools and also investigate evidence that only one tool uncovered. I will also setup an Autopsy database sometimes if I think I am still missing something. Validation, validation, validation.

Q Also, when the maintenance expires, does it cease to work altogether, or will it keep working with whatever version was current at the time?

A I am not sure- I will see sometime in 2017.

Every tool has its strengths and weaknesses, but in my opinion GetData's main strengths are file carving and also Mount Image Pro image mounting capabilities.

Thanks for the clarification and the explanation - I've since checked the (rather hefty) user guide and found that licences are perpetual.

I've been messing with the 30 day trial and it looks good so far. It's just good to get viewpoints from actual users.

Thanks again,

Ben

 
Posted : 16/09/2016 2:08 am
Page 1 / 2
Share: