Content

EnCase Forensic

This new version of EnCase shows its pedigree as the oldest of the GUI-based IT forensic tools. We found it very simple to operate and use.

The interface is much like other IT forensic tools, but slightly more intuitive and comfortable to use. Moving around is quick and easy and all evidence data is organised by case and is simple to access.

EnCase Forensic is first and foremost a computer forensic tool, but it includes other useful features such as the ability both to preview and acquire disks through many types of connections, such as direct network crossover cable, parallel connection and direct disk-to-disk.

There is an organised user interface that makes viewing media contents straightforward. These views include a gallery of picture and image evidence and hex and file tree views. EnCase Forensic can also acquire many different media, including Palm Pilots and most types of removable media.

The product performed well under our testing parameters. It had a reasonable acquisition time and we were able to gather most of the data on our test disk. But it did miss some hidden or deleted data in unformatted sections of the test disk.

The program comes with plenty of documentation – a large paper manual and PDF manual that are clear, organised, easy to read and include a lot of screenshots and illustrations. The website has a wealth of applications, legal notes and other useful information, such as hash sets and scripts for its enScript scripting language.

The Guidance Software website is loaded with support options for EnCase. Support is available for both customer service and technical help and includes both phone and email support. There are also support videos and articles available on the website.

This product is a useful tool, but we thought that, at around £1,610 (almost three times that of its major competitor), the cost seems to be inflated out of proportion with the market.

We found that this tool does not perform significantly better than most of its competitors but is much more costly. It is a trend we have noticed with Guidance Software – raising prices to the point that only the largest organisations can afford the products.

Product title
EnCase Forensic
Product info
Name: EnCase Forensic Description: Price: $3,000
Strength
Easy to use, its intuitive interface makes acquiring, analysing and viewing evidence simple and reliable; long and honourable track record in the courts.
Weakness
Expensive! Competent, but not significantly superior to its competitors.
Verdict
Still on top, but the gap is narrowing.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.