Comparison of EnCase and FTK Digital Forensic Investigation Tools

78 views 2 pages ~ 400 words
Get a Custom Essay Writer Just For You!

Experts in this subject field are ready to write an original essay following your instructions to the dot!

Hire a Writer

Guidance software EnCase and AccessData FTK are the modern digital forensic investigation tools with robust features of investigating digital evidence involving encrypted files and compressed content in digital evidence. According to Guidance Software OpenText Company, who are the developers and owners of the EnCase digital forensic software, the latest release of the tool is equipped with features such as apple file system support, and updated encryption support which is aimed at providing an advanced user experience to conduct digital forensic investigation precisely and efficiently. On the other hand, AccessData FTK tool is described as having features such as mobile device interoperation and e-discovery technology (Jensen, 2015). The most beneficial functionality in AccessData FTK is the ability to generate the hash values for all each file in digital evidence including the encrypted files and their dates of creation and modification. This helps in validating the integrity of the digital evidence using specified hash values. EnCase beneficial function the ability to retrieve all the file names in digital evidence (Ahmed & Li, 2018).

Guidance Software EnCase and AccessData FTK Capabilities Outline


AccessData FTK

Able to analyze images produced in evidence

Able to analyze images produced in evidence

Simple and easy to use user interface with powerful customizable processing hence saves time.

Faster to search and increase speed of analysis thus eliminates waster time

The reporting options are flexible to handle

Indexes and processes data upfront

Integrated with Mobile investigator tools hence applicable in mobile device investigations. Also has an automated External Review

Database driven with a central and secure environment

Volume shadow copy capabilities

Can recover passwords from more than 100 files

Hash Value comparison

John X Smith:  04ce35da82906c77f6ffa74b8a63d9b1

John X. Smith: e0978f948a14f980af30031de7b10437

MD5 Checksum Tool was used in verifying the integrity of both files. The results indicated a difference in the hash values thus showing that the two files are not identical. Therefore, any modification of a file generates a different hash value which interferes with forensic investigation results from the digital evidence.


Ahmed, A. A., & Li, C. X. (2018). Analyzing Data Remnant Remains on User Devices to         Determine Probative Artifacts in Cloud Environment. Journal of forensic             sciences, 63(1), 112-121.

Guidance Software EnCase Documentation. (2018). Retrieved from   

Jensen, C. (2015). AccessData FTK User Guide. Retrieved from   

September 04, 2023
Number of pages


Number of words




This sample could have been used by your fellow student... Get your own unique essay on any topic and submit it by the deadline.

Eliminate the stress of Research and Writing!

Hire one of our experts to create a completely original paper even in 3 hours!

Hire a Pro