FTK versus X-Ways Forensics (WinHex)

5 Posts
4 Users
0 Likes
688 Views
(@hvs-forensic)
Posts: 4
New Member
Topic starter
 

I have to buy a forensic tool in the next couple of days. I’m not sure which one to buy – my last choice is between FTK and X-Ways Forensics (WinHex). Most features in both tools are the same but they have minor variations (e.g. index search).

Does anyone have practical experience of which tool is better for Windows forensics?

Thanks

 
Posted : 22/04/2006 12:19 am
scottamoulton
(@scottamoulton)
Posts: 29
Eminent Member
 

I have used them all and I believe they each have positive points. If those are your two choices, I would without a doubt do FTK. However, I would tell you that you should get the whole Ultimate Toolkit. There are some features that the index calls on from the whole kit and there are times you cannot be complete without it. I would also tell you it is rare that I only use one of those on any case. I would mostly use EnCase and FTK at the same time on the same case depending on what I am doing. WinHex cannot do a few things yet. For example, it cannot look at Protected Storage, does not process the Event Logs, and there are a few other items you would have to do manually.

 
Posted : 22/04/2006 1:09 am
(@farmerdude)
Posts: 242
Estimable Member
 

hvs-forensic,

Unfortunately your question won't result in an absolute answer. That's like asking which soda one prefers … or which Linux desktop environment … etc. It's a very personal choice in almost every case - what one feels comfy with, likes, etc. Both of those programs are good programs, and both have active development, and both have some unique features. You may find FTK the more complete and easier of the two at the moment to interact with and learn. Or vice versa.

My recommendation is to grab an evaluation version of all programs you're interested in and test drive them for yourself. Opinions from the peanut gallery may provide some insight, but it's purely unique and personal. Your own evaluation will probably be best for you.

regards,

farmerdude

http://www.forensicbootcd.com

http://www.farmerdude.com

 
Posted : 23/04/2006 3:19 am
 Andy
(@andy)
Posts: 357
Reputable Member
 

Buy them both. Best practice is to use one tool to validate the findings of another; you also become familiar/skilled in more than one forensic tool.

 
Posted : 23/04/2006 11:25 am
(@farmerdude)
Posts: 242
Estimable Member
 

If you're looking for validation you might consider investing in a program that runs on a different operating system platform. For example, you might invest in FTK and SMART for Linux to both use and validate with.

regards,

farmerdude

 
Posted : 23/04/2006 6:33 pm