Toolbox

Rules of Evidence - Digital Forensics Tools

Searching for clues? Here's how to investigate and use digital forensics and e-discovery tools

By Mary Brandel

Page 5

DO prepare for sticker shock. EnCase Enterprise Version 6 starts at $25,000. You can spend considerably less by purchasing a workstation-based tool, a less scalable remote-collection tool or one that limits its feature set, for instance, a tool that's strong in forensics data collection and not internal policy and compliance investigations, or one that eliminates the analysis and reporting capabilities.

"Other methods are great for smaller cases, but when many computers are involved or it's a serious criminal matter involving something like the SEC, EnCase is the gold standard," Priebe says. "You don't want to cut butter with a chainsaw, but sometimes you need a chainsaw."

Others contend you can get similar functionality for far less. Gatterson says it cost him about $2 million to implement AD Enterprise, about half what he would have paid for EnCase Enterprise.

DO expect to use more than one tool. Although the trend is for software vendors to try to be a one-stop shop, most investigators use more than one tool. In fact, NIST compares forensics tools to a Swiss army knife, where many tools specialize in certain functionality that needs to be augmented by others.

##

Other stories by Mary Brandel

digital forensics tools

RESOURCE CENTER
Loading...
VIRTUAL CONFERENCE
Security Directions: A Virtual Conference

Security Directions Available On Demand Sept. 30 - Dec. 30

Join us for a virtual event with candid, expert information on top security challenges and issues - all from the comfort of your desktop.

» Register Now

WEBCAST
Protecting PII: How to Work with IT to Manage Risk

Compuware Understand the critical nature of the test data privacy problem and get tips on how to work with IT to implement a test data privacy program.

» View this Webcast

Featured Sponsors