Saturday, September 17, 2016

Introducing myself into EnCase v8

Since we finally got workable dongles, I've started to get into v8 to see it, feel it for myself and
find possible drawbacks.
Given the experience with the introduction of v7, there is not enough testing.

There is already some very good comparative testing done with earlier versions and other forensic tools, like this one.
I'd like to try it on the configurations I have close at hand and see how different versions influence each other, especially since there are issues with v7 and the new v8 dongles.

I've noticed two things. On a very low-end configuration, v8 gets about a 25% improvement in case processing speed, which looks related to an improvement in disk access. The other thing is that if you change the dongle to v7 and start v7, it hangs if this was done after using v8; a reboot helps. This is consistent with problems in version licensing differences.

At the moment I'm using the tdurden evidence file which comes with the intro self-training for v7. I'll post configurations and results later.
After playing with tdurden I'll move on to the new versions of EnCase training and try to see if everything works as it should. After that I'll try some NIST materials to see how that works too.

My first impressions are not very dramatic: it is an interface polish with an appearance change, but again with some important issues missed. There are still no conditions in bookmark view and, for some strange reason, the records view has been renamed to artifacts.

24th Sep. 2017
I forgot to mention that most of the old scripts which work in recent v7 versions also work in v8; it is a shame this is not true for the RegRipper wrapper.
