Over the past few months, I have had the chance to work more extensively with the following IT Forensic tools (at the same time):

Most IT forensic professionals would say that there is no single tool that fits everything. Here are my personal views of each tool's pros and cons:

Renowned tool and accepted by courts of law. Easy and free tool for acquisition (Encase Imager). Nice and user-friendly "Review Package" that can be sent to the Requestor for reviewing the evidence. Evidence processing can be slow, especially when processing large PST files. Very customizable evidence processing options. Thus, you can select to process only certain things that you want to look at e.g. Very flexible and granular filtering options. Filter by column 1 + filter in column 2 etc. For example, search for "xyz" only in Word documents. one doing "processing", the other doing live preview. Very frequent updates for new features. Technical in nature - not easy to learn for a beginner. Too many options to choose from, thus could be confusing. (However, the default options are good enough for most cases.) Dongle must be attached at all times to start the software. No option to create a nice "Review Package" that you can forward to someone. No support for Bitlocker (the company I work for uses this a lot). Very fast and easy tool for analysis of a user's browsing history or internet activities.

Thus, it really depends on what you want to do. For example, if I would like to quickly find out how malware infected a machine, I would use Autopsy first. If I would like to process evidence for fraud cases, I would go for Encase first. X-Ways will be the tool if I need to do complex filtering and fast extraction of some evidence.
December 2022