All,
I was notified that I have to spend $5,500 today and I can use it for Forensics software.
One catch - I can't spend over $3,000 for any one item/vendor so that eliminates FTK, Encase.
If I said, "spend $5,500" today, what would be the software you would buy first?
I was thinking X-Ways as an alternative to Encase/FTK because of the price. I was also looking at IEF. I'm curious on your feedback.
What software do you already have? What kind of job/cases do you do?
This may be useful
http://articles.forensicfocus.com/2011/07/23/digital-forensics-on-a-less-than-shoestring-budget-part-2/
Does the hardware also need to come out of the $5500? Or is that a separate budget?
What software do you already have? What kind of job/cases do you do?
It's going to be for training purposes and we might see a couple cases a year. Possible intrusions, email phishing attacks, etc.
I have X-Ways, Moonsols Pro and that's about it. I mostly use OpenSource tools so I can't think of many commercial tools off the top of my head. As for hardware, yeah, I don't really need it. I have a forensics write blocking kit. We have powerful systems and with the few issues we deal with it wouldn't be worth it. Hardware also comes from another "pot" of money.
I am also awaiting a quote from IEF; I will be buying their professional portable version.
So X-Ways, IEF Pro Portable, and Moonsols. Everything else is OpenSource.
That's pretty much it.
Does the hardware also need to come out of the $5500? Or is that a separate budget?
Different pot of money.
I got a 1 day extension so I would appreciate any suggestions. Thanks!
So far X-Ways and Moonsols are the only items I could get quotes for and process.
If you're analyzing Mac OS X machines and/or iOS devices, BlackbagTech's Blacklight might be useful.
Never used X-Ways myself so I can't really recommend it. But I hear it's good software.
A good password cracker might come in handy: Passware Forensics.
If you have to perform data recovery (erased partitions, folders, etc.) you might want to check out R-Studio Technician.
To be able to create VMs from disk images and "boot" them in a forensically sound way, check out Virtual Forensic Computing.
If you need to acquire data from PITA computers (RAID, laptop, netbook, etc.) ForensicSoft SAFE boot disk is a great tool. For a live computer, you might want to check out F-Response.
But for the real forensic analysis part, we mainly use Encase and FTK. But I believe they cost more than 3000$…
Also, a web history analyzer is nice, such as Digital Detective's netanalysis tool or Cacheback.
Could do you a deal on our OSForensics product if you were interested. Just PM or E-mail me.