Forensic Suite options


IT LAND

Nov 12, 2014, 3:59:10 AM
to datarecovery...@googlegroups.com
Hi Folks,

I wanted to get your advice if possible.
I did mainly data recovery up to now, but I am starting to get customers that are interested in recovering deleted data from rogue employees that left, and they are searching for their deleted activity like emails, pictures, documents etc. on a PC.
Also sometimes they bring me their iPhone or Android to look for deleted items like emails, text messages, pictures etc. and want the same.
I want to start with buying one suite that will cover all these options with good analysis ability.
What would be the recommended software/hardware suites for that?

Your advice will be much appreciated, especially from all the law enforcement folks here with real experience.

Cheers

IT LAND

Nov 12, 2014, 7:35:56 AM
to datarecovery...@googlegroups.com
Also, do you recommend any learning materials? Books?
Any good course? Training? Required certification?

Joseph Pint

Nov 12, 2014, 9:16:18 AM
to datarecovery...@googlegroups.com
Access Data - FTK - for hard disk analysis.

Access Data - MPE+ for mobile devices.

Not best for price, but in my opinion (we have used a lot of products) I like these two the best...

EnCase Enterprise claims they have a whole solution now - but I don't think it has any hooks into mobile devices yet. Access Data is closer to what the examiners want for end result investigations...

--
You received this message because you are subscribed to the Google Groups "DataRecoveryCertification" group.
To unsubscribe from this group and stop receiving emails from it, send an email to datarecoverycertif...@googlegroups.com.
To post to this group, send email to datarecovery...@googlegroups.com.
Visit this group at http://groups.google.com/group/datarecoverycertification.
For more options, visit https://groups.google.com/d/optout.



--

Joseph E. Pint

Sr. Data Recovery Technician

Experienced DeepSpar Technician
Experienced PC3K Technician
Certified Data Recovery Professional
Certified Data Recovery Expert

SAP BI Certified


ID-Dr - Information Delivery & Data Recovery Services, LLC.
164 E. 14th Street

Elmira Heights, NY 14903

Lab/Office - (607) 733-2902

Cell - (607) 259-3722

E Josep...@ID-Dr.com

W: http://www.ID-Dr.com

Erick Thek

Nov 12, 2014, 9:46:50 AM
to datarecovery...@googlegroups.com
I would also take a look at X-Ways or Forensic Explorer. X-Ways is not the most intuitive program, but once you become familiar with it, it is really strong and, for the price, awesome! Forensic Explorer is the same cost and a bit easier to use than X-Ways. Both programs are right around $1200 USD. Neither tool has a mobile forensic capability, nor do they have a remote capability, though X-Ways will work with F-Response; Forensic Explorer will likely work with F-R as well.

Hardware systems. If you go with FTK or EnCase, buy a multiple-processor, multi-core machine with at least 32 GB of internal memory. Run the OS from SSD and then you should also use SSDs for the temp, evidence and data recovery drives. EnCase/FTK are resource hogs. X-Ways/Forensic Explorer are not as much resource hogs as the other two mainstream programs. If you have a Mac, all of the above tools work very well inside of a VM, or make it dual boot. Nothing runs Windows better than a Mac.

Good luck!

erick

IT LAND

Nov 12, 2014, 4:04:58 PM
to datarecovery...@googlegroups.com
Thanks guys.
Do you have some rough price estimations for those suites? EnCase? Access Data?



IT LAND

Nov 12, 2014, 4:07:10 PM
to datarecovery...@googlegroups.com
What about PassMark OSForensics? Anyone tried it?

Networks

Nov 12, 2014, 5:34:01 PM
to datarecovery...@googlegroups.com
FTK is around 4500, the same for EnCase. That may be a little off since the last time I checked; both vendors will work you up a quote, just give them a call. The mobile solution from FTK has a yearly fee now of 2500, from what I was told. The Cellebrite tool is around 5K and the add-on to get physical dumps of phones is another 5K. Forensic software ain't cheap by any means. The last two you asked about, I think one of them has a free version you can try out. No one tool will be enough for mobile forensics; you need more than 1, because when one vendor's tool doesn't work the other one might. Oxygen Forensics has a good package, and if you primarily want to support Apple, BlackBag is a good choice. Anyway, to recoup your investment you have to charge a price that most people are not willing to pay, or be able to do a LOT of jobs to pay for the annual service/support fees that go along with all these packages. X-Ways Forensics is a great tool to have for data recovery as well; it doesn't extract mobile phones, but you can extract info from iPhone backups if you can get those from the end user.



IT LAND

Nov 12, 2014, 5:52:44 PM
to datarecovery...@googlegroups.com
Wow they are quite expensive - don't think I'll be able to ROI.
What about this tool:
Any experience?


Michael Johnson

Nov 12, 2014, 5:54:27 PM
to datarecovery...@googlegroups.com
IEF (I don't know about the triage version) is fantastic.  If most of your investigations are going to be internet based, then I'd highly recommend it. It costs around 1200-1500 USD.

Mike Johnson
Partner
Decipher Forensics LLC


  


Networks

Nov 12, 2014, 6:21:50 PM
to datarecovery...@googlegroups.com
No idea about the triage version either; it may be something new. Give them a call to get a trial, check it out, and let us know what you think. I recently took another look at IEF; I have an older version, which was much less $$ investment than the current 1500.00. It doesn't do phones. They make a good tool, no doubt about that. If you're looking just for internet history data, there are a lot of free tools that report the data from the various browsers. It all depends on what the need is. Check out NirSoft's tools.
  