Autopsy is one of the forensic investigation tools used to recover images, videos and data during an incident involving a computer, and it is used mostly by law enforcement. The first advantage is that it is easy to use because of the graphical user interface, and when you conduct any search, it shows the results on the side as a tree. Autopsy analyzes the whole computer image to investigate the case and collect the evidence, for instance allocated and unallocated files, installed programs, web histories, web searches, web cookies, emails and deleted files. The disadvantage, I believe, is not being able to pull out the significant files manually or just drag and drop them on the side, because in order to save the files that need to be presented as evidence, you have to generate a report in various ways, for instance Excel, HTML, and text.
EnCase is a famous alternative on the forensic stage for many reasons, with many features for processing digital forensics. What I like most about EnCase is how it captures data from multiple devices, and you can select whichever device you want to image to collect and show as evidence. Moreover, it is very much like Autopsy, but the graphical user interface is completely different and the EnCase imaging process is faster than Autopsy's.
FTK is also one of the great forensics tools, and I think it's way better than Autopsy because there are more ways to narrow the search to explore evidence against the victim. FTK has an explicit search option where you can filter by keywords, such as pornography files and financial files. FTK's functionality is organized better than the other tools'; for example, you fill out the evidence item information, then you click Next to move forward with the case and fill out the rest of the information. In addition, FTK has its own menu bar at the top, separated into different categories to make searching proper and easy, and that's what I liked most about this tool.
After downloading WinHex, the most interesting thing about the tool was how it shows hexadecimal values at the bottom, and you can read files from there, but you might have to pay very careful attention. Besides that, you can search for any specific file and it will look for the string to match the file. The only disadvantage that I can think of is that it's complicated to use because it's not like the other forensic tools.
The last tool that I would like to discuss is the X-Ways Forensics tool, and it has great features similar to the other tools. However, I have discovered that X-Ways and WinHex are very similar, in that both tools provide hex values at the bottom for the files. Correspondingly, X-Ways has a great filtering process and can identify pre-existing and existing files. Besides that, you can search many types of files, such as pdf, docx, and pptx, and multiple codings can be searched at the same time.