You like us. You literally “really, really” like us.
You may be thinking, why would you have two tools nominated in the same category? What’s the difference between them? Why would I need both? Or do I have to choose just one? Well in this case, more is definitely better. Both FTK and AD Enterprise excel at forensically sound collection and analysis, but let’s see where they each shine the brightest.
The big question is: are you doing a 1:1 “dead-box” acquisition, or do you need to deploy an agent to acquire data “over the wire”?
If it’s the former, then your best solution is FTK. Yes, the FTK. The tool everyone uses. The forensic solution everyone trusts. We dare you to try and find an investigator who hasn’t heard of FTK. Powerful and proven, FTK processes and indexes data upfront, eliminating wasted time waiting for searches to execute. No matter how many different data sources you’re dealing with or the amount of data you have to cull through, FTK gets you there quicker and better than anything else.
And why is it so important to find evidence quickly? Well if you’re in law enforcement, for example, you need to be able to find evidence immediately, sometimes while you’re onsite, in order to confirm your suspicions before your suspect walks. When you simply need to collect from a single device, like a dead-box acquisition, use FTK and watch the forensic magic happen.
Okay, now let’s talk about AD Enterprise.
What if you’re trying to be sneaky? What if you suspect employee wrongdoing, and you need to deploy an agent covertly and/or remotely collect from a machine without tipping anyone off? What if you need to collect from multiple machines across a multi-city or global network, all at once? Well, then you need to put AD Enterprise into the game as your star player.
AD Enterprise provides deep visibility into live data directly at the endpoint, helping you conduct faster, more targeted enterprise-wide post-breach, HR, and compliance investigations in a single, robust solution. With AD Enterprise, you can respond quickly, remotely and covertly while maintaining chain of custody, and facilitate focused forensic investigations and post-breach analysis, without interruption to business operations.
Another benefit of using AD Enterprise is if you need automation. Who isn’t looking for automation these days?! With our API toolkit, you can integrate AD Enterprise with your incident response systems, to kick off a collection and automate your workflow while you’re sleeping (or just away from your desk), giving you more time to live your best life.
Two tools, two different uses, both deserving of being finalists for “Best Forensic Solution” in the SC Trust Awards. And both being used by thousands of investigators and in-house forensic analysts worldwide. Feels like we’ve already won!