X-Ways forever. :D
Is there a particular reason why you would want to stick with X-Ways? What types of analysis have you done and have you been totally successful with just X-Ways? I am asking because I would like to know which way to go. Do you mind elaborating a little?
It outclasses the other 2 hands down. It's not even close. They add new things weeks or months before other vendors. It is cheaper in terms of software and hardware, and the list goes on.
I've worked CP cases, hacking, national security related, IPR, to name a few.
As a newbie to the field, I was interested in your post about how the X-Ways vendor adds new things in advance of its competitors. How critical is it to have the additions hot off the presses? Aside from malware detection, how do investigators balance "tried and true" versus "hot-off-the-presses" feature adds to their forensics software? Are the software releases fairly bug-free or do they 'crowd source' QA?
If you want a tool that works and you are not influenced by flashy websites, a colorful photo of a pig on wheels, high prices, tool failures during an exam, and poor support, go for X-Ways. I'm waiting for the day that Miley Cyrus will be on either the Guidance or AccessData websites to help them sell their software…
You can also buy two X-Ways licenses for the price of one of either of the other tools. Add the X-Ways Guide (http://xwaysforensics.wordpress.com/) and you are good to go.
When I first started forensics, many of my colleagues swore by FTK, claimed it was the best, the easiest, etc. I found that I preferred EnCase, for a variety of reasons, but mostly because at the time, version 5, EnCase mostly only did what I wanted it to do. FTK was all up-front processing and automation, almost an "all the work you didn't know you wanted" scenario.
Obviously by EnCase 7, we saw that Guidance was more interested in complicating things to the point that their basic functionality was lost, or obfuscated to the point that it may as well have been. So when I got back into forensics after a 2-year break, I realized that I needed a new tool. When I began using X-Ways, I was intimidated. It does not have a flashy GUI, nor does it spoon-feed you. The manual was dense and not necessarily an easy how-to guide.
Taking the 1-week training course was the best thing I could do, as it showed me firsthand the power and potential that X-Ways offers. Obviously Shavers and Zimmerman's X-Ways Forensics Practitioner's Guide is a must-buy, as it complements everything I learned in class, plus even more functions and features, and it is written in an easy-to-understand format, perfect for highlighting and referring to again and again.
The last two things I would mention are that X-Ways has one of the best imagers I have ever used and its compression techniques are second to none. I would also like to stress, as others have, just how much more budget-friendly a license with X-Ways is compared to AccessData or Guidance or even Nuix. In this modern age of tight budgets, you can save a lot of money by just keeping the license fees down. Just my two cents.
Just looking for some thoughts about this: If most agencies in my area use FTK, on one hand it would be nice to have the updated version of FTK as it would make working on cases and sharing information easier (I think?).
Or the flip side of the coin would be it would be nice to have a different program such as X-Ways or EnCase to offer something different and leverage the strengths of a different program? Also it could be used to validate results? What are the thoughts out there? I work for a mid-size department and most departments around us can only afford one forensic tool, but perhaps I could use the cost savings of X-Ways for other equipment as well…
FTK for bulk automated processing, X-Ways when you want to get into the weeds.
If you can afford it, I'd definitely look to have X-Ways and either FTK/EnCase for exactly the reasons you said: validation and leveraging the strengths that some tools may have over others.
But if you only have one tool, then X-Ways I think offers far more functionality, speed and reliability than the other two, not to mention much cheaper. :D
I think you might also want to compare how each tool generates reports.
X-Ways is great, for the reasons given, though it's not perfect. I find it increasingly crash-prone (especially when processing OST and EDB files) with the 64-bit version being worse in this aspect than the 32-bit version.
Email in particular is not its strong point; I'd rather rely on Proof Finder for processing the email that X-Ways locates.