EnCase 7.1 and FTK 5.5 Tool Evaluation Introduction

encase-1

Project Introduction

Over the past few months, Guidance Software and AccessData both released new updates for their computer forensic programs, EnCase and FTK. With EnCase now in update 7.1 and FTK being in 5.5, there are new and updated features that should be looked at. We could also use this opportunity to record how long an average acquirement will take on a freshly installed computer and record any issues we find, if any at all.

Background Research

Every year we tend to have a Tool Evaluation for these programs because of the frequent updates, and this year is no different. The past two weeks have been spent researching what each program brings to the table in terms of new and updated features. We will be compiling a list of these features and creating guides for each one.

Questions

These are the questions that we will be asking ourselves:

What new features and updates were added to EnCase 7.1? How do they work?

What new features and updates were added to FTK 5.5? How do they work?

What is the average time the updated software will take to image and acquire a hard drive on a freshly installed machine?

Our Methods

Currently we have three members working on the project. We will be focusing our efforts on the EnCase 7.1 update to make the list of in-depth added features. Next we will make guides so others may have an easier time figuring out how it works. After EnCase 7.1 has been thoroughly researched and worked on, we will move onto the FTK 5.5 update. We will also be compiling a list of features of FTK 5.5 and creating guides for each one. Once we finish up the guides we will test the programs themselves on our forensic machines. The computer will be wiped and then tested to see how long it takes to image and acquire a drive.

More Research Projects
CyberRange Team: Creating The Perfect Sandbox Environment
The Internet of Things Team: An Inside Look
CyberTech: Creating a Safer Internet Through Education