Difference between pages "ASR" and "Wetstone"
From Forensics Wiki
(Difference between pages)
| Line 1: | Line 1: | ||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| Line 17: | Line 12: | ||
==Searching Abilities== | ==Searching Abilities== | ||
| − | |||
| − | |||
| − | |||
Can it search? Does it build an index? Can it focus on file types or particular kinds of metadata? | Can it search? Does it build an index? Can it focus on file types or particular kinds of metadata? | ||
==Hash Databases== | ==Hash Databases== | ||
| − | |||
| − | |||
Can it create hashes of files and/or blocks? Can it compare these hash values to any databases? | Can it create hashes of files and/or blocks? Can it compare these hash values to any databases? | ||
| Line 32: | Line 22: | ||
==Evidence Collection Features== | ==Evidence Collection Features== | ||
| − | + | Can it sign files? Does it keep an audit log? | |
=History= | =History= | ||
Revision as of 08:29, 6 March 2006
Contents |
Features
File Systems Understood
File Search Facilities
Historical Reconstruction
Can it build timelines and search by creation date?
Searching Abilities
Can it search? Does it build an index? Can it focus on file types or particular kinds of metadata?
Hash Databases
Can it create hashes of files and/or blocks? Can it compare these hash values to any databases? What sort of hash functions does it use?
Evidence Collection Features
Can it sign files? Does it keep an audit log?
History
Originally written in (YEAR), it has now developed into a Forensic Edition and an Enterprise Edition.
License Notes
Is it commercial or open source? Are there other licensing options?
External Links
EnCase Homepage - http://www.guidancesoftware.com/lawenforcement/ef_index.asp
