Notifications
Clear all

XWays Forensics

34 Posts
15 Users
0 Likes
2,627 Views
(@afpffi)
Posts: 5
Active Member
 

Hey Barry,

I’m in the West Palm Beach Area.

I’m pleased to see we have found alternative software other than the big two (Encase & FTK). My list of application is, and in no particular order
• FTK
• Encase
• XWF Pro
• Helix pro and Yeah I paid for the sub to, and it has paid for itself 10 times over
• PRTK ( AccessData)
• Encase Password Recovery
As a sole practitioner I found it difficult to do without the software law enforcement has been using. I prefer to use the same software they use, as a side by side comparison. I will then run the data with alternative software I may feel will yield better results. A majority of my case load is defense oriented, and working with defense attorneys or corporate clients also in the defense capacity.

I hope this helps.

Anthony

 
Posted : 08/08/2010 6:26 am
(@mrwh1t3)
Posts: 41
Eminent Member
 

I have the $3,500 - $4,000 for EnCase or FTK, but it seems crazy to buy until I get a job. Especially when XWays is half the price. I guess buying EnCase or FTK software would pay off quicker than one-semester of college would. A semester of college is easily $4,000 with books.

Interview wise I think one would be better off learning FTK or EnCase, but XWays seems like a GREAT tool for the price.

I guess I would ask, "Do I want an interview with another company, or do I want a great tool?" If the tool is all one is after go for XWays. If you're after the interview go with FTK or EnCase.

 
Posted : 08/08/2010 8:04 am
PaulSanderson
(@paulsanderson)
Posts: 651
Honorable Member
 

Interview wise I think one would be better off learning FTK or EnCase, but XWays seems like a GREAT tool for the price.

What an odd thing to say. As someone who has been an interviewer in the past I would not really care whether you had used either of these packages - frankly you can pick up the basics in a day. I would however be very interested in what you know about file system fundamentals, the structure of the registry, meta data in world files, what sort of information is left behind by P2p applications, how you would go about determining what is left behind for an app you had never seen……

It is not what you use but what you do with it. That you had gone out and spent your own money on encase would not impress one bit.

 
Posted : 08/08/2010 1:07 pm
Jamie
(@jamie)
Posts: 1288
Moderator
 

In fairness I don't think it's that odd and I suspect MrWh1t3 wouldn't disagree with your follow up comments, Paul. I think he's just saying if you're trying to get an interview at an Encase shop and you can show prior experience with that tool then it's a point in your favour (not a shoo-in).

Jamie

 
Posted : 08/08/2010 2:37 pm
(@mrwh1t3)
Posts: 41
Eminent Member
 

In fairness I don't think it's that odd and I suspect MrWh1t3 wouldn't disagree with your follow up comments, Paul. I think he's just saying if you're trying to get an interview at an Encase shop and you can show prior experience with that tool then it's a point in your favour (not a shoo-in).

Jamie

Jamie is right. I agree about those as follow-up questions.

A lot of organizations have key word searches to screen applicants prior to moving the resume forward to the hiring manager. If they didn't have any of those key words they wouldn't make it to the portion of the interview you're talking about

When I worked for Booz Allen Hamilton we got something around 500-1,000+ resumes for certain positions. There is no logical way to weed those out unless you use key word searches. We used key words like, "CISSP", "Masters", "Top Secret", "Clearance", "Firewall", "CNA", etc. One can logically assume FTK and Encase are going to be two key words

SO…if you're going to pick between FTK, Encase and X-Ways "for interview purposes only", go with FTK or Encase. If you want a solid tool at a great price, go with X-ways.

 
Posted : 08/08/2010 3:58 pm
PaulSanderson
(@paulsanderson)
Posts: 651
Honorable Member
 

When I worked for Booz Allen Hamilton we got something around 500-1,000+ resumes for certain positions.

Obviously I work in a different world and I have never seen any CF positions where there are 500+ applicants for a position.

When I last worked in a management role where we got 100+ CV's then a quick read through of the summary and quals was enough to weed to a reasonable number. But that is a different issue.

I have the $3,500 - $4,000 for EnCase or FTK, but it seems crazy to buy until I get a job.

If a company was screening based on keyword searches then I prob wouldn’t want to work for them anyway ) but if you feel that spending $3.5-$4K on an encase licence in prep for an interview is a good idea go for it. Once you have a job of course then you shouldn’t need to buy your own software anyway.

Just offering my opinion, as an interviewer, that it wouldn’t impress me.

 
Posted : 08/08/2010 4:15 pm
Jamie
(@jamie)
Posts: 1288
Moderator
 

Just offering my opinion, as an interviewer, that it wouldn’t impress me.

Nor should it and I think that's because we're discussing two different things - skillset (i.e. familiarity with Encase) and understanding of forensic issues. Presumably it's not unreasonable to expect an interviewer to be looking for both (and more likely to be impressed by the latter).

 
Posted : 08/08/2010 4:24 pm
PaulSanderson
(@paulsanderson)
Posts: 651
Honorable Member
 

Actually I was discussing the merits of spending $4K on a licence for encase in prep for an interview.

 
Posted : 08/08/2010 4:30 pm
Jamie
(@jamie)
Posts: 1288
Moderator
 

Fair enough, and I'd agree there are probably better ways to prepare and/or spend that kind of sum pre-interview.

 
Posted : 08/08/2010 4:45 pm
jaclaz
(@jaclaz)
Posts: 5133
Illustrious Member
 

If a company was screening based on keyword searches then I prob wouldn’t want to work for them anyway ) …

Right! )

I don't care to belong to any club that will have me as a member

Seriously, if applications are sorted by keyword searches, the Company has a problem and you can always write "I have not a long experience with Encase" that will be picked up as well. wink

Conversely, I personally wouldn't employ an unoccupied that just spent 3÷4 K US$ in order to impress me, as - in my view - he would probably have some mental problems…. roll

If you are going to build your own freelance profession, it's allright, but buying a license for a program that will later be given to you by your employer seems to me like wasted money.

jaclaz

 
Posted : 08/08/2010 5:20 pm
Page 2 / 4
Share: