Encase Portable Forensics


CFEx
Senior Member
 

Encase Portable Forensics

Post Posted: Jun 17, 10 02:33

Our IT Security group is looking at deploying Encase Portable Forensics to collect data and image hard drives.

If anybody is using this product, any advantages/disadvantages with the product?

I'm thinking that a full drive image using Encase Portable may take much longer than other image acquisition alternatives. Is that the case?  
 
  

adfsolutions
Member
 

Re: Encase Portable Forensics

Post Posted: Jun 23, 10 18:38

If you want to image hard drives, a data duplication solution (Logicube, Tableau) is a better option. For targeted data collection, ADF's Triage-Examiner is a faster tool.
 
  

kovar
Senior Member
 

Re: Encase Portable Forensics

Post Posted: Jun 24, 10 19:42

Greetings,

So why is a data duplication solution a better option?

And why, for targeted data collection, is ADF's Triage Examiner faster? Have you tried it side by side, using similar criteria?

Disclosure: I work for Guidance so I'm obviously biased, but I'd suggest first better defining your selection criteria and then taking one out for a spin.
_________________
CISSP, CCE, EnCE, Licensed Private Investigator (CA) 
 
  

CFEx
Senior Member
 

Re: Encase Portable Forensics

Post Posted: Jun 24, 10 22:29

kovar wrote:
  but I'd suggest first better defining your selection criteria and then taking one out for a spin.


That was my feedback to the genius who decided to get Encase Portable  
 
  

adfsolutions
Member
 

Re: Encase Portable Forensics

Post Posted: Aug 07, 10 03:49

kovar wrote:
  And why, for targeted data collection, is ADF's Triage Examiner faster? Have you tried it side by side, using similar criteria?


David,
The recent article in DFI news by John Barabara reviews the testing criteria used by USSOCOM to select a triage tool - www.dfinews.com/articl...iage-tool.

The results were overwhelmingly in ADF's favor compared to Encase Portable. BTW, Triage-G2 is based on Triage-Examiner so the performance is the same.

I hope this answers your question.

Disclaimer: I do work for ADF Solutions.  
 
  

Fab4
Senior Member
 

Re: Encase Portable Forensics

Post Posted: Aug 07, 10 04:18

CFEx wrote:
  kovar wrote:
    but I'd suggest first better defining your selection criteria and then taking one out for a spin.

  That was my feedback to the genius who decided to get Encase Portable


If I correctly interpret your response as sarcasm, surely you make a mockery of your own OP.....

By all means, get independent views but do your own testing, my friend. Or follow your own pre-conceived ideas and buy anything other than EnCase Portable.

I work for neither Guidance nor ADF.

I use EnCase Portable, on occasions, for its ease, simplicity and the "nod and a wink" that accompanies the brand EnCase in the UK Court system. I use open source solutions on other occasions when I want to feel less Nintendo....  
 
  

douglasbrush
Senior Member
 

Re: Encase Portable Forensics

Post Posted: Aug 07, 10 21:37

Why not F-Response Consultant or Enterprise? Does what you want. Then you can use whatever tool you want for the collection. It will simply allow you to do a forensically sound connection to suspect machines, then you can use FTK/FTK Imager, EnCase, PinPoint, Helix, SIFT - whatever - for your collections. Plus can do memory as well.

They have a buy before you try option.

My disclosure is that as a consultant I use all the products and pick and choose based on the client environment.

CLEARLY define your needs. TEST your assumptions. TWEAK your process. THEN commit to purchases and vendor solutions.  
 
