I'm studying computer forensics at uni and am having to write a report comparing EnCase to FTK. I've read some of the answers already posed to this question and have gathered that a lot of it comes down to personal preference, as they are both very good at what they do.
Could anyone out there inform me of what exactly EnCase can do that FTK cannot, and vice versa, during all the different and distinct phases of a computer forensic investigation?
I've had a VERY limited amount of time using both.
All comments welcome. Thanks, Chris.
One very powerful advantage of EnCase is EnScripts. These allow many more features to be added into EnCase, which can help to save a lot of time and make our jobs easier :)
FTK doesn't do that.
One very powerful advantage of FTK is Full Text Indexing.
EnCase doesn't do that.
😉
Hmm, I thought it did. We use the LE edition, and I'm sure that does indexing. I will admit to still being a n00b at both, though... Saw a preview of FTK 2.0... should be good. I suspect we'll switch completely to that when it comes out.
Cheers peeps :)
I've got the trial copy of FTK 2.0 and have noticed how handy the index search is, but I'm also getting the impression through research that once you get to grips with EnScripts it's very powerful! FTK seems easier to pick up and use, and I've been told EnCase has a steeper learning curve but is very good once tackled.
Am I right in thinking EnCase can handle foreign-language Unicode but FTK cannot?
Thanks again, Chris
FTK 2 now handles Unicode, AFAIK.
Greetings,
FTK 2 handles Unicode and the Asia version of 1.7 does as well.
-David
Cheers again people,
When I said I had the trial version of FTK 2.0 I meant 1.7. Doh! 😯
Well, my report's in today so I don't think I'll be able to skim any more info off you lot this time.
Thanks again, Chris
I like both for different reasons. While I can't speak for FTK 2.0, if I had to choose only one it would be EnCase.
First, one cannot have enough tools in the bag: Helix 3 by e-fense, SMART, WinHex/X-Ways, I-Look, etc. are other viable goodies. FTK is really strong in indexing, email analysis, reporting, password cracking, and Windows Registry analysis. I also believe FTK Imager is superior to that of EnCase. No dongle is needed and it can be run off a thumb drive. One is able to preview and image in multiple formats and convert EnCase E01 files to other formats such as raw/dd and AD. FTK is also much, much more stable than EnCase. In the lab we refer to EnCase as "EnCrash"... need I say more?
EnCase is strong in partition recovery, running scripts (EnScripts), bookmarking flexibility, and of course the FIM/Enterprise offers live network imaging etc. at a rather hefty price.
I was trained on and used EnCase for over a year before being trained on FTK. FTK seems more user-friendly and intuitive than EnCase. FTK is now typically my first choice when it comes to doing an examination. However, it is not the end-all and do-all tool. Nothing is...
__________________
LVMPD - Det. , EnCE
USSS LV-ECTF Computer Forensic Examiner