One of the advantages of running a computer forensic company is that I get
to buy lots of tools to use. When I was working for other companies I would
have to wait for budget cycles and submit justification for tool purchases, but
for the last 7 years I've been able to buy them as I needed them. In those 7
years we've accumulated a lot of tools that we use for different
specializations, and a body of knowledge related to them that I feel could be
put to better use by sharing it with all of you.
With that in mind, I think it would be interesting to see how all these tools compare when working on the same forensic image. So I'm going to start making some test images to see how data from the same disk is interpreted when it is presented in different image formats. I am going to start with the identification, not recovery, of deleted files and go from there.
My initial tool list to test includes:
Encase v. 7.04
FTK v. 4.01
Smart 3-26-12
X-ways forensics v. 16.5
SIFT v. 2.13
Any other tool you want us to test? Let me know in the comments below
I'll post my results as we finish a round of tests and as always a large case could easily distract me!
It would be useful to have a comparative test with DEFT Linux: http://www.deftlinux.net/