Has your agency upg...
 
Notifications
Clear all

Has your agency upgraded to EnCase V7?  

Page 1 / 3
  RSS
mansiu
(@mansiu)
Member

EnCase version 7 has been released for 6 months, Have your agency upgraded to EnCase V7?

We will have EnCase training soon and we found that EnCase training are version 7 now.

Quote
Posted : 04/01/2012 12:40 pm
Jonathan
(@jonathan)
Senior Member

✓ No, and am not planning to either.

ReplyQuote
Posted : 04/01/2012 5:25 pm
keydet89
(@keydet89)
Community Legend

Jonathan,

Can you elaborate on why that is?

Thanks.

ReplyQuote
Posted : 04/01/2012 6:39 pm
YogeshKhatri
(@yogeshkhatri)
Junior Member

I have v7 but still continue to use v6 for most stuff. Two reasons

1. They took out some very useful features like being able to see all mounted items in evidence in one single flat view (greenplate in encase terminology). v7 will only allow you to view one archive at a time! So that means that for your case involving 200 zip archives of jpg files, you can sure load em up at 1 click with a script, but painfully load and view one archive at a time once its mounted!

2. Most of what i do (artifact parsing) is automated with scripts, which I havent ported over to v7 and am actually seriously thinking about porting them to windows and releasing all of them as open source scripts.

Eventually there will be enough new features compelling us to move over to v7, but for now v6 is good enough.

ReplyQuote
Posted : 04/01/2012 7:48 pm
rhouse
(@rhouse)
New Member

After seeing all the issues that people where having with v7 we decided to not upgrade.

ReplyQuote
Posted : 04/01/2012 8:01 pm
hmorgan
(@hmorgan)
Active Member

not yet.
will do once its out of beta.

wink

ReplyQuote
Posted : 04/01/2012 8:23 pm
pragmatopian
(@pragmatopian)
Active Member

I had a look at the early beta versions hated the interface changes, and couldn't see enough merit in the other new features or improvements to justify the upgrade cost.

I'll get a current evaluation version to see if matters have changed since then.

ReplyQuote
Posted : 04/01/2012 10:43 pm
Ulsterman
(@ulsterman)
New Member

After attempting to use EnCase v7 several times, I have come to the opinion that it is a disaster. Horrible GUI, poor functionality and unstable.

My organisation spent several thousand pounds upgrading to this version only to feel we entered into a de facto Beta testing program.

After using EnCase as our primary tool since V2, we will now be resorting to FTK and X-Ways Forensics, mainly because they work.

RIP Guidance Software.

ReplyQuote
Posted : 05/01/2012 2:40 am
SFGAirborne
(@sfgairborne)
New Member

We got an evaluation copy…and we all hate it. Can't find Sweep Case, or Case Processor. The interface is terrible. Useful features are gone. Even the features that remain aren't working properly. We're trying to convince our employer to send us for EnCase training for V7, in case we're somehow missing something…but who knows? My agency uses V5, and I have a copy of V6.18 personally…they are both great. I hate 7.

ReplyQuote
Posted : 05/01/2012 2:42 am
Jonathan
(@jonathan)
Senior Member

Jonathan,

Can you elaborate on why that is?

Thanks.

Various reasons, primarily that it's just leagues behind X-Ways Forensics in almost any way you choose to look at it. Also EnCase 7 is just not ready, is it? If you're sticking with the Guidance route that leaves you with EnCase 6, which is fine, especially if you have some decent EnScripts to run on it. But hold on - it's now a legacy product as Guidance have put it out to pasture. A case could perhaps be made that if you've alternatives to hand it would be negligent to currently use EnCase 6 or 7.

ReplyQuote
Posted : 05/01/2012 4:12 pm
hmorgan
(@hmorgan)
Active Member

Jonathan,

Can you elaborate on why that is?

Thanks.

Various reasons, primarily that it's just leagues behind X-Ways Forensics in almost any way you choose to look at it. Also EnCase 7 is just not ready, is it? If you're sticking with the Guidance route that leaves you with EnCase 6, which is fine, especially if you have some decent EnScripts to run on it. But hold on - it's now a legacy product as Guidance have put it out to pasture. A case could perhaps be made that if you've alternatives to hand it would be negligent to currently use EnCase 6 or 7.

If you've alternatives then it's negligent not to use both.

For all its failings Encase has been used in anger for a lot longer by a lot more people than XWays without too many problems.

But version seven certainly has the air of FTK 2 (er 3) to it.

ReplyQuote
Posted : 05/01/2012 4:49 pm
Jonathan
(@jonathan)
Senior Member

For all its failings Encase has been used in anger for a lot longer by a lot more people than XWays without too many problems.

Agreed, though popularity and longevity are no indicators of quality; in this instance it's more of a marketing win. As I said, if you're currently using EnCase 6 (bugs no longer fixed) or EnCase 7 (which in many people's views is not fit purpose) in your lab when you've superior alternatives to hand that don't have these problems then it's negligent.

ReplyQuote
Posted : 05/01/2012 6:53 pm
minime2k9
(@minime2k9)
Active Member

Think this is missing a "We're on 6 and not moving until 7 is right" option

ReplyQuote
Posted : 05/01/2012 7:09 pm
binarybod
(@binarybod)
Active Member

How about an option entitled "We moved to Version 7 as soon as we could, we're loving it" ?

Paul

ReplyQuote
Posted : 05/01/2012 7:36 pm
Sonj
 Sonj
(@sonj)
New Member

V7 removed every single out-of-box feature that works well for fast triaging. Pre-configured conditions, filters, text styles are gone, making it difficult to deploy scratch installations for urgent or dynamic situations.

Selective and repeatable processing (although they claim to be addressing part of this), easy simultaneous review of numerous devices or mounted file structures - all gone. It has removed the easy and very flexible utility of bookmarking overlapping sets of data on the fly that v6 allows.

If you suffer from any RSI from years of using mouse-intensive interfaces, I would not recommend v7. It is more difficult to perform large scale repetitive work that cannot be easily automated due to some inherent human decision/review process.

The designers have decided that mousing from from one side of a widescreen to the other multiple times to deal with ONE ITEM is a good idea. They have grouped functions by similarity not workflow, yet not provided adequate or configurable keyboard shortcuts to bypass an interface that is quite inefficient.

While v6 is fast becoming obsolete due to its lack of recent file system support, weak viewer and out-of-box file signatures, it still limps along ok for our lab, our particular triage-oriented workflow and the vast majority of data we see. It is still our most effective conduit for dumping out user data for proper indexing and for pushing selected artifacts to a toolbox of more up-to-date and effective analytical tools.

Where is the "you will pry v6 from my cold, dead (numb) hands" poll option? D

ReplyQuote
Posted : 06/01/2012 3:10 am
Page 1 / 3
Share: