Channel: Forensic Focus Forums - Recent Topics

General Discussion: Can every file be recovered by forensic tools?

Belkasoft wrote: Using any commercial tool is certainly easier than Photorec. It's also usually much faster to use a single tool than two separate ones; not just because you save time on not doing a duplicate job, but also because a smarter tool can actually exclude allocated areas from the search, reducing the time for scanning the disk quite dramatically. So I guess the choice of using a free vs. commercial approach depends pretty much on whether or not you're paid by the hour :)

Belkasoft wrote: Using any commercial tool is certainly easier than Photorec.

Wow. Did your mother never tell you the dangers of absolute statements? I have used your program Belkasoft, and I can promise you that "foremost -i <infile>" will be easier than what you produce any day.

Belkasoft wrote: but also because a smarter tool can actually exclude allocated areas from the search

It doesn't matter how 'smart' the tool is if the examiner is stupid. A smart tool could exclude allocated areas, sure, or the examiner could just run the tool against unallocated space (Unallocated Clusters in EnCase).

"Smart" (sorry, I misspelled proprietary) tools have one huge flaw (besides costing money to do the same job as free/open source tools). Companies spend large sums of money in R&D to make their products better, but they rarely, if ever, share that research. So for instance, your product and IEF can both parse IE 10 artifacts. But, and I freely admit my studies on Win 8 and IE 10 are behind the curve, did you/they release their research? Assuming you make a new discovery, do you have any incentive at all to do so? My point, as you can see, is that smart tools make our jobs easier every day, but ultimately stifle research. Open source and independent research contribute a lot to our small society, but can they truly match the R&D budget of companies like Guidance, AccessData, Belkasoft, Magnet Forensics, and the like?

On top of that, proprietary tools, being black boxes, will forever require the trust of the examiner in the tool and the producer. Sure, we can validate, but that will never catch every bug and idiosyncrasy. Open source, however, allows anyone that can read code (not even requiring a mind that can write code) to testify to the inner workings in a way no one but the engineers (and even then, they'd have to testify as a group to give the whole picture) can do for proprietary tools.

Don't get me wrong, I love proprietary tools. I could not perform an exam in a reasonable amount of time using strictly open source tools. But your emphasis, and implication, that any commercial tool is better than an open source tool just flipped my trigger. That is to say, absolute statements are always wrong. Heh.
