Opinions Please

[sixlead]

I am looking at purchasing a forensics kit and have narrowed it down
to either Paraben's P2 + lock down tool or the EnCase Forensic
Edition.

If any one has experience with either of these products (good or bad)
I would like to hear about it. Or if you hve some thing you think is
better please comment as well.

TIA

[dtabone]

Hi sixlead,

Personally I would go with Encase. It is slowly becoming the defacto
piece of software for forensic analysis.
Other produts you ought to look at are ProDiscover and Access Data FTK
which follow in the same suit.
Encase has features of both and they all have their strong points --
however as I said, I would settle for Encase.
To make your decision, see which one fits yr budget, and see which one
has most features that your lab would benefit from.

D.

[Impey Mitchell]

Hi Sixlead.

Is this for you privately or for the company you work for? For you or
for a team of investigators ?

Will your investigations be going to court ? Or is it just to find out
what happened ?

What is your incident response and forensics experience level ?

What is your budget for training ? How many incidents will you be
investigating each week / month / day ?

Do you need to do E discovery ?

Does it have to be a Windows application (due to your preference or is a
company standard and there is no choice) or can you find your way around
Linux to use http://www.sleuthkit.org/ for example ?

Have you done a needs / feature comparison ?

I purchased a well know commercial product on behalf of the company I
work for and while the price was acceptable, there are alot of "hidden"
costs to consider as well. Not to mention support issues.

regards,

mitch

[Michael Harrington]

I would agree with mitch. Contact me offlist if you want a rundown.

Mike

--
Ave caesar! Morituri te salutamus