On Fri, 2005-03-04 at 17:48, Greg Freemyer wrote:
> My company uses FTK as its normal analysis tool, but we image in Linux.
>
> One of the main reasons we use FTK is the indexed search capability,
> but we all know FTK has had stability issues in the past.
>
> I went to a SMART lecture Wed. and was told that SMART does not have
> an indexed search capability, but I see that Autopsy does.
>
Correct. But 'glimpse' is available and hard to beat. I'm not sure ASR
Data wants to reinvent the wheel with respect to indexing.

> Is there a webpage that compares FTK and Autopsy?

Probably....somewhere....GOOGLE... :)
(I haven't seen one, but I feel silly saying 'Nope' - because someone,
somewhere, probably has a listing for just this very question!)

FTK and Autopsy are very different animals. Since you have FTK and you
are comfy within Linux it shouldn't be hard to grab The Sleuth Kit and
Autopsy and do a comparison for yourself. Areas I'm sure you'll find
'different' include:
- Registry viewing
- Ability to import image formats of different types
- E-mail parse
- Encryption ID
- etc.
Of course, most of those are in a Win32 environment. So target OS
analysis plays a key role in deciding which of these two programs to
use.
regards,
farmerdude
www.crazytrain.com
-----------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com