I wanted to tap the brains of all the experts out there. I am in a position to purchase software for forensics and I am trying to decide between FTK, EnCase or ProDiscover.
I am leaning against FTK given the problems I am reading about with the newer versions. However, I am unsure which would be a better buy for my company. I have always used open-source software in my analysis (sleuthkit/autopsy/etc) and am trying to determine if the commercial products have any advantage over the open-source products.
So, my question is, if you didn't have to worry about cost, what software would you buy?
Are you looking for an Enterprise tool? Can you combine F-Response with a desktop tool and accomplish 98% of what you need? Do you work strictly in a Wintel environment? Do you like to program in Perl (used in ProDiscover)? Do you have any experience with the scripting in EnCase?
I could go on and on.
Honestly, all the programs have annoying problems. FTK has the most visible issues since they trotted out a not-quite-ready-for-prime-time premium version, jacked up their pricing and are not cranking out regular fixes. (FWIW, I was told 1.72 is the only stable version.) However, EnCase can sit for days processing a file (just like FTK) and then just stop working for no apparent reason.
If I had to pick one tool I would go with X-Ways. Fortunately I have built up a toolbox and can use the tool that is best for the situation.
Sorry, I should have specified better. Remote imaging, like F-Response provides, won't be needed. I'm looking more for a tool to use as a desktop tool (as you put it). The majority of the work will be done on Wintel systems. And yes, I can program in Perl.
The more I read the more I'm leaning towards just staying with the tools I know and then re-evaluating later.
Sounds good. Just to clarify, F-Response provides direct remote disk and physical memory access, so you could image OR perform analysis.
X-Ways makes a very sound product, might be worth taking a look at if you haven't already.
Good Luck!
I agree with BitHead. I have also built up a toolbox, and can use the tool that is best for the situation. If I have to choose one tool, I would go for X-Ways. This is a tool I use a lot, and I can really recommend this tool.