Basically I've got to write a report on EnCase and how I found it. Thing is I'm struggling to find many disadvantages. I'm only in first year and to be honest Forensic Computing is more of a side stream, so I've not had any experience with other Forensic Softwares. If any can help me please do!!!
Excuse me for being dense but unless your project is to do a survey, aren't you asking the community to do your work for you?
After all, in your original post you said that you had to write a report on EnCase and how I found it.
fair enough it does seem like that
however I have wrote about how I found it but I'm told I also need to include the advantages and disadvantages of the EnCase software. Having never used another piece of forensic software I can't really compare it with anything else so I was wondering if anyone knew of any specific disadvantages other than cost.
Did you find it more difficult to use or understand or get useful information from than the software you use in your primary field of study?
Download the demo version of FTK and play around with a small drive, be it a flash drive, floppy disk, or a small hard drive with less than 5000 files on it (the demo's limit). I assume from your posting that you have some experience with EnCase? Try some of the things that you did with EnCase to see if there are differences.
Here's another hint, this has been discussed on here before. Do a search to try to locate. it. I believe there was some discussion as to which is better, and in that there were pros and cons of each.
Hope that helps.
electrogirl there is also a demo of Encase software, i got some spare disks with it if you want one PM me.
Thanks for your help guys.
@CforPro, I searched and found some useful discussions so thank you for suggesting that.
Just a suggestion, and this may be outside the scope of what you're trying to do, but pick a task or a series of progressively more complex tasks, and compare them to doing them with EnCase as opposed to other tools…including open source.
Here's another hint, this has been discussed on here before. Do a search to try to locate. it. I believe there was some discussion as to which is better, and in that there were pros and cons of each.
Paraben has just such a comparison on their website.
I would caution you, however, to make sure that you properly attribute any information that you derive from these references to the original source for three reasons.
First, it is the right thing to do.
Second, you don't want to risk being accused of plagiarism.
Third, comparisons are frequently out of date and, sometimes, just plain wrong, so you don't want to take the blame for someone else's mistake.
As for the downside of EnCase, I prefer to think of relative strengths since each tool attempts to address the specific needs of the users. For example, FTK very early on supported rapid ad hoc queries. It did so by creating inverted indexes of the case strings during acquisition. This made querying fast at the expense of a long acquisition time. Also, by default, FTK does carving during acquisition whereas in EnCase, this can be done via scripts after the image is acquired.
EnCase was much slower at ad hoc queries (though now it offers an option to index a case), but it acquired data much more quickly.
Was this a "problem" with EnCase? Not really. Just a difference in emphasis.
One of the bigger issues that I see with EnCase that you wouldn't see with limited exposure, is a problem with quality control. While EnCase 6 was a significant enhancement over 5, there have been reportedly many issues with more recent subversions including one which required a release to be pulled just after release. To be fair, however, Guidance Software Customer Support is, overall, very good and very responsive not only to bug reprts but also enhancement requests.
Similarly, FTK version 2 had many problems, so much so that many people decided not to upgrade from 1.8. FTK 3, however, is much more solid, although setup is more complicated than with EnCase.
There are many other observations that I have from using these and other tools, but they would not, likely, be spotted by someone who didn't use these tools, regularly, so it wouldn't be appropriate to include them in your report.