Well, that didn’t take long.
A genuine, independent third party, Digital Intelligence, a company recognized and respected in the forensic community and a reseller of forensic-specific solutions, including EnCase® Forensic and AccessData’s Forensic Toolkit (FTK) software, recently published the results of its testing of both FTK and EnCase Forensic.
As true, independent testing:
- Digital Intelligence was not compensated by either vendor
- The tests were conducted by Digital Intelligence at its facilities and on its forensic hardware
- The testing was independently conducted by Digital Intelligence and Guidance Software (and, we presume, AccessData) provided no technical advice or assistance.
Digital Intelligence EnCase v7 Report
Digital Intelligence FTK 4.0 Report
EnCase Forensic is faster on all system configurations
I hope to see many of you at CEIC in a few weeks, and would love to discuss the topic of testing with you there. In the meantime, if you have test results you’d be willing to share, please send them our way.
A summary from the “final results” section of the two reports provides a fascinating comparison of processing speeds:
Processing time
|
Economy Machine
|
Mid-Range Machine
|
High-End Machine
|
EnCase
|
5.92 hours
|
5.73 hours
|
5.17 hours
|
FTK
|
9.08 hours
|
7.73 hours
|
5.38 hours
|
EnCase Forensic outperformed on all configurations – indeed, EnCase running on an “Economy” machine provides about the same performance as FTK running on a “High-End” machine. What’s more, FTK is designed under the assumption that a forensic investigator has an extra high-end machine available to dedicate solely to processing data – with all of the cores occupied by AccessData’s processing, a forensic investigator can do nothing else (for instance, work on a report) on that machine until processing completes. EnCase Forensic; on the other hand, is designed so that processing can be accomplished quickly, while the machine can also be used at the same time for other forensic work,1 so it is both faster and more versatile.
Better, Faster, Cheaper
Speed is just one factor used in evaluating forensic software. Other factors, such as comprehensiveness and total cost of ownership, are important as well. Not only is EnCase faster and more comprehensive – as detailed in a previous blog post, EnCase provides full indexing of all data, including the outputs of any Evidence Processor module (e.g., Yahoo IM artifacts, Firefox artifacts, etc.), it handles East Asian words appropriately, and supports file carving for 314 file types, compared to 42 for FTK – but it is also, following FTK’s recent price increase (and software maintenance hike to 30% of the license price), significantly more affordable. In fact, FTK’s license and first-year maintenance price of $5,200 is 44% higher than EnCase’s license and first-year maintenance price of $3,600. Of course, FTK requires significantly enhanced hardware, as well, so its total cost of ownership is even worse.
EnCase Forensic has consistently been the tool investigators rely on to find more evidence, faster. Each new version of EnCase adds valuable technology, like smartphone examination capabilities, without increasing license or maintenance costs. In addition, an independent third party has confirmed the true performance advantage of EnCase over FTK.
We will continue to encourage the types of independent testing that Digital Intelligence performed. And we will continue to make improvements to the processing engine that we have developed and control, so that we can deliver better performance to meet the needs of the forensic community.
1 For large labs or evidence processing “factories,” we offer other products that distribute processing with the expectation that the high-end hardware used there will be solely dedicated to processing data.
No comments :
Post a Comment