Question

Use a comparison table and text to compare the following three forensic tools: FTK Imager, Encase, Sift Workstation.

include at least 6 features in your comparison.

Answer 1

	FTK imager	Encase	SIFT workstation
1	Built to work in Windows OS	Built to work in Windows OS	Built to work in Ubandu OS
2	Create forensic images of local hard disk drives, floppy disks, CS, DVD etc.	Acquire and examine data frm widest array of computers, smart phones and tablets of any digital forensics software solution	It is a powerful collection of tools for examining forensic artifacts related to file system, registry, memory and network investigations.
3	Creates hashes of files using either of Message Digest 5 (MD5) or Security Hash Algorithm.	Hash analysis using MD5 and SHA1	Hash analysis using MD5
4	Downloading software is free, but works for a limited amount of time without licence	Open source software	It is a group of free open source software. One of the most popular open source incident response platform
5	It can see and recover files that have been deleted from recycle bin, but have not yet been overwritten on the drive.	It can do recycle bin analysis, address book search , faster keyword search	This tool recovers deleted entries within registry hives
6	It can do signature analysis	It contains tools for several areas of digital forensic process like acquisition, analysis and reporting	It is good tool for doing digital forensic investigations
7	It is not a court validation tool	It maintains integrity of your evidence in a format that the court have come to trucst.	It is not a court validation tool
8	Easy to use. It is a GUI	Must receiverofessional training to work with it	Only an examiner who is highly skilled in Linux can use it
9	File support system are DVD(UDF), FAT etc	File support system are WTFS, FAT, exFAT,etc	File system support- FAT, V, FAT, MAC (HFS+),solaris, Linux etc
10	Email recovery is possible through outlook and webmail parser	Email recovery is through outlook	Email recovery is possible