Mr. Abrantes
CITC 2326
Case Project 14-5: Forensics Tools Comparison
| Feature | Autopsy | SPEKTOR | The Coroner's Toolkit | Forensic Toolkit (FTK) |
|---|---|---|---|---|
| OS support | Linux, macOS, Windows | Proprietary hardware | HPUX, *BSD, Solaris, Linux | Windows |
| Multi-user case support | SQL-based database | No | No | Centrally stored database |
| Training available | Yes, third party | Yes, direct from vendor | No | Yes, direct from vendor |
| GUI | Yes | Yes | No | Yes |
| License | GPL | Proprietary | IBM Public License | Proprietary |
| Cost | Free | $9000 | Free | $3995 with yearly support cost $1119 |
| URL | www.sleuthkit.org/autopsy | www.evidencetalks.com | www.porcupine.org/forensics/tct.html | www.accessdata.com/products-services/forensic-toolkit-ftk |
Having reviewed the options above, the main question for an enterprise-level forensic solution becomes whether there are multiple sites or a single building. The novelty of SPEKTOR having dedicated hardware means a quicker turnaround should time be of the essence, such as when an employee is to be terminated immediately. The initial cost of SPEKTOR may be off-putting, but in situations where evidence strength is required, it is a strong contender. FTK has a good centralized database that allows multiple users on a single case, which can reduce the time required per case significantly, although it does have an annual support cost. Autopsy is very strong for being open-source and free, and it has many of the same features as FTK, which makes it worthy of consideration for smaller companies where cost would be a large factor. Finally, The Coroner’s Toolkit has been discontinued by the author, who considers Autopsy to be the successor.