Encase Enterprise or AccessData Enterprise?
Anyone using AccessData Enterprise? If so, what do you think of it and what's the pricing of it? I know of the major issues they have had in the past year am wondering if the Enterprise version of AD suffered from the issues also?
Do the people using EnCase Enterprise recommend it? Are you satisfied with it?
I'm looking for an enterprise product, because we have about 3 examiners geographically dispersed and our locations are dispersed across the US and a few overseas.
Thanks in advance,
F-Response EE is just under $5K, allows for unlimited remote systems, and has been recommended on the EnCase user forums over EEE (not by me…by others).
Take a look at it…
I second that motion. If you have the budget for one of those other enterprise editions, you could instead set up 3 full forensic labs for your examiners with lots of goodies like F-Response EE and still have money left over (and be able to do just about the same thing using F-Response, if not a few things more).
I vote for F-response over the other 2 products - you can use other forensic software with it, not just the enterprise vendors, well supported and truly brilliant.
If I had no choice and had to take either EE or ADE, it would be EE based on maturity and stability.
1 F-Response EE dongle + XWF dongle + 1 Grande Mocha Everyday for a Year = handles the majority of what you need for way less than $10K.
I wholeheartedly agree with the others recommending F-Response EE. It is one of the most well-designed products that I have ever used, is vendor neutral and I've tested with X-Ways, EnCase and FTK and the only problems that I encountered turned out to be related to Microsoft Windows configuration, not the F-Response software, itsef.
There are target implementations for Windows, OS X and Linux and I am told that others are in the works. I recently did a test acquisition of a number of remote computers over the Internet using an SSL VPN and F-Response and it worked, flawlessly.
I strongly recommend it and you can get a 30-day fully functioning dongle which supports all of their technologies for a little more than $100.
F-response is good. I've used EEE before…it's buggy and expensive.
The problem I'm having right now with F-Response is that it does not keep audit logs of the activity and the network connections are not encrypted. Those two things are important in a corporate environment.
I can see needing encryption over the Internet…well, maybe not.
What are the technical reasons for encryption in a corporate environment?
With respect to audit logs…that's what documentation is for. F-Response EE allows you do do things, but doesn't actually do them for you. For example, you can connect to a remote system and run RegRipper, which *does* keep audit logs.