Wednesday, February 8, 2012

Internet Evidence Finder vs NetAnalysis vs Cacheback

In a recent conversation that began on Google+ with several digital forensic professionals, the question came up: how does Internet Evidence Finder version 5 stack up to some of the other commercial tools? After some discussion, I contacted JadSoftware, and the company stated that they were in the process of completing internal testing on IEF v5 and comparing it to other commercial tools. JadSoftware stated they would provide our readers with those results to publish here on the blog (see below). With regard to NetAnalysis and CacheBack performing their own tests, they have been contacted at the time of this blog post. If NetAnalysis or CacheBack provides their own testing results, then that information will be posted here.


Editor's Note: Digital Forensic Source does not endorse commercial digital forensic tools. This information, the testing results completed by the vendor (JadSoftware), is being shared as a service to the digital forensic community and is being provided "as-is". DF Source did beta test version 5 and provide feedback to the vendor. As always, conduct your own testing on your DF tools.


The browser testing results that were conducted by JadSoftware, and shared with Digital Forensic Source, are being posted as a service to the digital forensic community. These results have not been tested by Digital Forensic Source.

Click Here for the Browser Forensic Tools Comparison Chart provided by JadSoftware

(For a listing of other files posted to the Digital Forensic Source, click here.)

Adam Belsher (CEO of JadSoftware) stated, "Some of our key differentiators include:

· Carving for IE, Chrome, Opera, and Firefox (Cacheback doesn’t do any carving and NetAnalysis is limited.)
· Single search for all artifacts (rather than having to do multiple searches)
· We search in more areas on the hard drive (i.e. hiberfile.sys with decompression, pagefile.sys, live RAM captures etc.)
· We support more artifacts within the browsers (i.e. Chrome - top sites, credit card data, favicons etc.)"


Commentary: On a side note, thank you JadSoftware for following up on the inquiries regarding IEF and how it currently compares to other commercial browser forensic tools. It is a great thing for the digital forensic community when vendors respond promptly to the needs of examiners. As budgets continue to be a focus for governments, academia, and companies, digital forensic vendors that are truly service-oriented and driven by the requests of their customers (the forensic analyst) will be successful. Sharing information, research, tool testing, etc. benefits the entire digital forensic community.


1 comment:

Ethan Fleisher said...

Did you ever hear back from the other companies in regards to your request? I'd be interested to read their responses, as my company is currently looking at purchasing a tool for this purpose.