Hi there,
I have been a silent reader of ForensicFocus for a decade. I am planning to develop a Computer Forensic Suite with my students and colleagues. I need your expert opinions to do it right from the beginning.
1. I would like to know what are the features you, as forensic experts, would like to see in a Computer Forensic suite that, you feel, are missing or not so excellently devised in today's popular suites, such as FTK, EnCase, XRY, X-Ways, etc.?
2. Do you think it is a wise idea and commercially feasible to develop a (yup, yet another) commercial forensic suite?
I highly regard and appreciate your opinions.
Regards,
Could you just simply make an all in one suite, Extraction, Analyzing, Recovery, and just everything Forensic wise in one package?
For me personally, no. For others, maybe.
I prefer modularity and not an "all in one" solution. I want to be able to use components that are very good instead of such a solution. I have taken a look at FTK, EnCase and ProDiscover and there is always something missing.
Also, your students will move on to jobs or more studies and the code has to be maintained by someone - do you, or any of them have plans to add features, add different file formats and fix bugs? What about support?
I'm not saying you shouldn't do it, but you must realise that developing something is a bit more than just compiling something and putting it on CNet, or releasing the source code on GitHub.
Could you just simply make an all in one suite, Extraction, Analyzing, Recovery, and just everything Forensic wise in one package?
Thanks!
The suite would surely have all the components required to conduct computer forensics, which include "Extraction, Analyzing, Recovery, etc.", as you mentioned.
Thanks MDCR for the detailed response.
I prefer modularity and not an "all in one" solution. I want to be able to use components that are very good instead of such a solution.
Noted your suggestion, and I agree with you on modularity. If the user wants to have all modules, it would become an "all in one" suite; otherwise, the required components can be used standalone.
I have taken a look at FTK, EnCase and ProDiscover and there is always something missing.
Exactly, that's what I wanted to know. If you can please specify those missing things, I'd try to include them and focus on them.
Also, your students will move on to jobs or more studies and the code has to be maintained by someone - do you, or any of them have plans to add features, add different file formats and fix bugs? What about support?
I'm not saying you shouldn't do it, but you must realise that developing something is a bit more than just compiling something and putting it on CNet, or releasing the source code on GitHub.
Oh, I think I couldn't explain properly in my post. I will be doing it with my "colleagues", and the students would help mainly in research and to some extent in development.
As it would be commercial software, support and regular updates are definitely part of the plan. The core team will stay, as well as some of the students who would want to join the team later.
Thanks!
The suite would surely have all the components required to conduct computer forensic that include as you mentioned "Extraction, Analyzing, Recovery, etc." as you mentioned.
Then my friend, please make me aware so I can buy it from you.
Thanks!
The suite would surely have all the components required to conduct computer forensic that include as you mentioned "Extraction, Analyzing, Recovery, etc." as you mentioned.
Then my friend, please make me aware so I can buy it from you.
I am happy to have a potential client this quickly. lol
A full-blown forensic suite development will take a long time. Meanwhile, you can buy another suite and start working.
Just get back to me whenever you finish it, or if you have a product ready, for either purchase or even for testing, since I'm a digital forensic examiner, I could be an Alpha tester for you if you ever need one.
I'm always on the lookout for new software and forensic capabilities that can make my daily task easier, so just PM me if anything.
I do hope this project goes well. But I don't think this is an achievable goal at least to a decent degree. There are way too many variables based on user preference, UI, API, compatibility, etc… that isn't attainable in our field (IMO).
EnCase, FTK, X-Ways, and all the others are trying to do the same thing. They take customer feedback and try to integrate it into an already complicated and complex platform.
I think this is why SIFT and other distros are more successful. They are very modular and open source but can only function as a standalone OS, which doesn't par well with over-the-wire forensics unless you have F-Response or if EnCase will open up a version for *nix or OSX platforms.
I do hope this project goes well. But I don't think this is an achievable goal at least to a decent degree. There are way too many variables based on user preference, UI, API, compatibility, etc… that isn't attainable in our field (IMO).
Thanks for your time and helpful post.
I know it'd be a really tough target to achieve, but we humans perform best when challenged, or at least I think so.
EnCase, FTK, X-Ways, and all the others are trying to do the same thing. They take customer feedback and try to integrate it into an already complicated and complex platform.
I agree with you, but I take it a little bit differently; they have been trying to integrate customers' feedback into their already developed software packages, which they developed 15 to 20 years ago. We will have a clean slate to start with and thus would have more flexibility to add modern-age features from the start.
I think this is why SIFT and other distros are more successful. They are very modular and open source but can only function as a standalone OS, which doesn't par well with over-the-wire forensics unless you have F-Response or if EnCase will open up a version for *nix or OSX platforms.
My plan is to use Python, C++/C for their cross-OS compatibility. Of course, we may have to deviate from the platform paths during the development phase to cope with upcoming problems, but for now I have plans to develop *nix and OSX versions as well.