Access Data Forensics Toolkit v. Encase: Digital

Access Data Forensics Toolkit v. EnCase:

Digital or computer forensics is currently one of the rapidly growing and significant industries because of technological advancements. The growth and significance of this industry has been enhanced by the increase in digital crimes, which has contributed to the need for organizations to adopt quick and reliable tools to collect and offer digital evidence. Digital forensic teams need some items in the forensic toolkits regardless of whether these teams are part of the organization or law enforcement agency. One of the most important processes in computer forensics is drive acquisition, which must be a forensically relevant sound image i.e. flat file bit stream image. In addition, the process also requires volatile data in order to enhance the findings of the process. As digital forensics continues to grow and become important, there are various toolkits that have been developed including Forensic Toolkit (FTK) by AccessData and EnCase Forensic.

FTK by AccessData:

AccessData Forensic Toolkit is a platform developed for stability, ease-of-use, and speed and provides wide-ranging processing and indexing straight forward in order to improve the speed of filtering and searching with any other product or item ("Forensic Toolkit -- FTK," n.d.). Since this toolkit exposes more data within a short period of time and improves visualization and explicit image detection, it is a court-accepted digital investigations platform. The other strength of Forensic Toolkit is that it's a database-driven, enterprise-class platform that enables investigators to deal with huge data sets because of its stability and ability to upgrade easily.

EnCase Forensic:

Encase Forensic is a common software for computer forensics, which is packaged with several features that support the four stages of digital investigations. Since the software is one of the most popular means for computer forensics, EnCase is one of the industry leaders in complete forensic suites. EnCase is a faster forensic investigation tool that is renowned for increased processing speeds and inclusiveness of the indexed results.

Features of these Tools:

FTK is a forensic tool that develops images, evaluates the registry, decrypts files, cracks passwords, performs an investigation, identifies steganography, and provides a report within a single solution. The tool also has the ability to recover passwords from more than 80 applications, support huge data sets, enables automated recovery during pre-processing, easy-to-use graphical user interface, and multi-data views ("Top Forensics Tools for Business," 2010). AccessData Forensic Toolkit supports searches of different types of data such as steganography, passwords, e-mail, and computer data and files.

On the contrary, EnCase Forensic acquires data in a forensically-relevant way using software with an unequaled record in courts throughout the globe. The software works on various operating systems including Linux, Solaris, AIX, Windows, and OS X. EnCase has several reporting options that support quick report preparation and allows non-investigators such as attorneys to review options and evidence. Similar to AccessData FTK, EnCase software handles huge data sets and produces court-accepted information.

Costs of the Two Programs and Gathering Digital Evidence from a Cell Phone:

AccessData Forensic Toolkit recently increased its price and software maintenance to 30% of the license price. As a result, FTK's license and first-year maintenance costs $5,200, which is 44% higher than the cost of EnCase license and maintenance of $3,600. Unlike, EnCase, FTK's price are even higher because of the need for significantly improved hardware that increases its overall ownership cost. While every new version of EnCase Forensic software has additional valuable technology and capabilities, the license and maintenance costs remain the same. The increase in FTK costs is attributed to the need for an additional separate large Hard Drive for the database and a second computer with a Gigabit network.

Similar to digital forensics, mobile device forensics is a rapidly growing field with several opportunities and challenges. While this field is a branch of digital forensics, it uses specific tools such as iPhone Analyzer and Lantern Lite for analysis of mobile evidence. While iPhone Analyzer is free for all users, Lantern Lite has an annual maintenance price of $200 because of the 24-hour technical support, bug fixes, product updates, and major releases.

Hiring Certified Computer Experts for Forensic Purposes:

In the past, the process of computer forensic investigations could cost approximately tens of thousands of dollars since it required more manpower to examine a hard-drive. However, technological advancements have contributed to reduction of this costs significantly to an extent that the hourly costs of hiring certified computer experts for forensic purposes range between $250 and $350 ("FAQs," n.d.). An example of a certified computer professional who would be effective for a court case is an expert from Global Digital Forensics, which is a global firm with state-of-the-art security software solutions.

Expert's Deposition:

An example of a recent expert deposition that helped a case at trial is the U.S. v. McNair case where computer forensics analysis was used to examine receipt of child pornography and the ownership of a computer with child pornography through LimeWire ("U.S. v. McNair," 2011). In this case, the defendant appealed his conviction for distributing and receiving child pornography and owning a computer with child pornography. While FBI agents searched the defendant's home at a time when he admitted collecting, downloading, and distributing child pornography through file-sharing network, a computer forensics expert received thousands of child pornography images from a computer and thumb drive in the defendant's bedroom. Actually, the expert retrieved 3,866 images and 39 videos of child pornography from the hard drive of defendant's computer as well as 3,167 photos from the thumb drive. In order to ensure that the evidence was provided truthfully and precisely, the expert examined the drives to determine any unauthorized access. This involved examining the username in the file-sharing network and use of the file-sharing account. As a result, McNair was found guilty of downloading, collecting, and distributing child pornography material beyond reasonable doubt.