Home
The Internet Risks
Critical Protection
Anonymous Surfing
Antivirus
Data Recovery
Firewalls & Hacking
Identity Theft
Kids' Online Safety
Rootkits
Secure Deletion
Spam & Phishing
Spyware & Removal
Newsletter/Blog
Contact Us

EnCase vs Evidence Eliminator... Do They Do What They Claim?

There is much speculation about EnCase vs Evidence Eliminator... can data erased by EE be recovered by Encase?

Here, we'll look at the features of these opposing programs and hear what evidence is available to make a judgement on their effectiveness.

In going about this, we'll review...

  1. Summary Of What These Programs Do
  2. What EnCase Provides
  3. What EE Provides
  4. What Is The Evidence They Work?

1. EnCase vs Evidence Eliminator... Summary Of What These Programs Do

To set the scene for EnCase vs Evidence Eliminator, EnCase is a software program that represents the industry standard in computer forensic investigations... that is the retrieval of computer disk information, whether present or deleted.

Evidence Eliminator (EE) is constructed to do the opposite of Encase... to delete information on our computers beyond recovery.

EE is claimed to be the most powerful tool you can use to destroy personal and confidential information and to "hide your tracks", whenever you are working on a computer.

Naturally, this brings the challenge of EnCase vs Evidence Eliminator... will the computer forensic software be able to discover the things that EE deletes?


2. EnCase vs Evidence Eliminator... What EnCase Provides

EnCase is used by government, corporate investigators, consultants and police officers on an international scale.

It has a powerful scripting engine that enables it to solve complex investigations precisely and in a short time.

The intuitive user interface makes it easy to learn the features of the program. It also comes with enhanced email/Internet support and combines a series of tools that can solve even the most complex computer investigation cases.

Let's have a look at some of the other features of the program in our EnCase vs Evidence Eliminator evaluation...

  • Automated Analysis
    The user can select the types of analysis they want to perform and all the tools of the program will be automatically assigned.

  • Multiple Sorting Fields
    The four important time stamps that define each computer file...
    1. File Created
    2. Last Accessed
    3. Last Written
    4. Entry Modified
    Each can be selected, together with other fields, such as the hash value of the file, the full path, any signatures and extensions of the document and other characteristics.

  • Filters and Filter Conditions
    Based on user-specified criteria, the EnCase user can reduce the information details by using over 150 filters.

  • Queries
    Filters and simple logic can be utilized to produce complex searches.

  • View "Deleted" Files and Other Unallocated Data in Context
    From file slack to swap files and print spoolers, the program will enable the user to see all hidden or unallocated files.

  • Encrypted Volumes and Hard Drive Encryption
    Gives access to data that was encrypted using encryption software.

  • Link File Examination
    This feature reads all forms of '.lnk' files and decodes the results, providing the user with a quick analysis of the report.

    • Full details of this first protagonist in the EnCase vs Evidence Eliminator evaluation can be found at Guidance Software


3. EnCase vs Evidence Eliminator... What EE Provides

There are many reasons for computer users to use deletion software, but primarily, many people use it to guard privacy, as I explain in How Clean Off The Hard Drive To Securely Remove Personal Data

In many cases, we can use software, such as EE, to actually protect ourselves and those around us.

Evidence Eliminator helps you thoroughly clean your hard drive of any information you want removed -- formatting and simply deleting the files on your hard disk drive just won't erase already written data.

EE has special file wiping software to rewrite the data to the Department of Defense standard or greater to make it irrecoverable.

This is a very important benefit, as you could cause a number of problems for yourself or others when you sell, pass on, or dump your computer without getting rid of all the data stored on the drive.

There are many dubious people out there who are active in recovering the data and selling it on -- often for identity theft and fraud.

Even with your current computer, malware installations and malicious hackers can read your files and -- unless securely deleted -- run undelete programs to look for personal information.

In the EnCase vs Evidence Eliminator evaluation, let's look at EE's method of destruction of data. It can wipe using...

  1. Zero (0)
  2. Zero + Reverse (01)
  3. Zero + Reverse + Random (01?)
The latter method of destruction is The Department of Defense (DoD) standard. You can also choose the repetitions of destructions made from 1-9... seven being the DoD standard.

A unique feature of Evidence Eliminator is that it also uses magnetic remenance, which under-writes files to remove evidence from detection by Magnetic Force Microscopy. This option does take longer, but it is still fast enough at 10Gb+ per hour.

Exploring the Internet also leaves plenty of traces on your computer. EE erases all tracks, such as cookies, passwords, file and Internet history and more.

This program deep cleans your PC so that no trace of your software or Internet usage will ever be available to anyone else.

Here's a summary of its features and what it eliminates...

  • Swap and temporary files
  • All histories including documents, search and Internet
  • Internet Explorer, Netscape and Mozilla browser cache, cookies, visited and downloaded URLs, etc
  • Mail client histories and trash
  • Custom specified files and folders
Evidence Eliminator also,
  • Cleans, defragments and compacts registry
  • Has a large number of options to customize how the program works and to specify deletion options

4. EnCase vs Evidence Eliminator... What Is The Evidence?

When it comes to our EnCase vs Evidence Eliminator study, what evidence is there about the capabilities of both programs?

Surprisingly, I have been unable to unearth any published professional studies independently comparing the effectiveness of EnCase vs Evidence Eliminator.

You may ask why I haven't conducted a comparison myself... well, the simple answer is the prohibitive cost of Encase! I use the recovery program in System Mechanic , but this suite of maintenance and recovery tools does not have the forensic capabilities of Encase.

There is plenty of reporting about EnCase vs Evidence Eliminator, from court cases to professional journal comments and reviews, which do give enough insight to make a judgement.

From this information, my opinion is that there is no escaping EnCase lays bare the contents of a computer disk. But if Evidence Eliminator has been used to delete data, EnCase cannot recover it.

I'll let you have examples of the EnCase vs Evidence Eliminator evidence I have based my opinion on shortly.

Before I do that, I'd like to express a personal opinion...

The Marketing Of Evidence Eliminator

Most objective reviews about EE will comment on the unsavory marketing of the product. It uses scare tactics like what may happen to you if the police or your employer examine the hard disk on the computer you use.

I mean, if someone has their computer seized by police for forensic examination, then they are a suspect in some criminal activity.

This EnCase vs Evidence Eliminator comparison is not about helping those who carry out illegal activities on their computer beat a potential investigation.

I've already discussed the many reasons we may want to delete confidential and personal data.

This article is about providing an opinion on whether EE will securely delete such data to protect us from the many third parties whose business it is to recover our data and use it or sell it on for criminal purposes.

I don't understand why the marketing of EE does not drive the protection benefits of the product, rather than the implication that we are going to be caught out doing something illegal!

Nonetheless -- now I've got that off my chest -- in my view, EE is the most effective data wiping product... and I'll be providing extracts of examples of the EnCase vs Evidence Eliminator evidence to support that view.

First off, though, let's start with a personal example of the power of Encase...

My Personal Experience Of EnCase

Not long ago, I was involved in a forensic case against an individual who worked at the company a friend of mine owns.

I was doing some consulting work for him when one of his under-performing sales managers gave notice.

After the individual had left, it was discovered that he had set up a competitive business and was winning customers, who had previously been with my friend's company.

Suspicions aroused, the individual's work computer -- which had been unused since he'd left -- was examined, but no data out of the ordinary was found.

However, it was suspected that he had stolen company product and customer details to set up his business. This prompted us to call in a computer forensics specialist, who analysed the individual's computer hard disk with Encase.

Although, the individual had deleted documents and emails, he had not used a data wiping program. Encase undeleted all information on the disk and showed times and dates of downloads, emails and all content.

What it portrayed was an individual who had systematically downloaded from the servers all the foundational business data of the company... from customer profiles and orders, to price lists, margins and other financial data.

Encase revealed that this information had then been emailed to his home computer. The individual then rode on the back of my friend's years of endeavor to quick start a business targeting the same customers.

Legal proceedings were undertaken and when the individual and his counsel were presented with the Encase evidence, they quickly agreed to an expensive out of court settlement!

Okay... that's an example of Encase. Now let's have a look at the evidence for EE...

Court Sanctions In EnCase vs Evidence Eliminator

In a patent infringement civil case in Illinois, the court ruled on the use of Evidence Eliminator by the plaintiff, Kucala Enterprises, Ltd. v. Auto Wax Co., Inc.

Because of a discovery request by the defendant, the district court ordered the inspection of a computer used by the plaintiff. The defendant hired an experienced forensic investigator to use EnCase to create a forensic image and analyze the plaintiff's computer.

The investigator revealed that the plaintiff had used Evidence Eliminator on his computer to delete and overwrite over 15,000 files.

Because the plaintiff had used EE, the Court stated that, "Any reasonable person can deduce, if not from the name of the product itself, then by reading the website, that Evidence Eliminator is a product used to circumvent discovery. Especially telling is that the product claims to be able to defeat EnCase."

In this real-life EnCase vs Evidence Eliminator situation, the case was dismissed because there was no longer evidence with which to pursue legal action. The Court found the plaintiff at fault for not preserving evidence that it had a duty to maintain.

As a result, the plaintiff was ordered to pay the defendant's attorney fees and costs incurred with respect to the issue of sanctions... significantly less than if the evidence had been available.

This case illustrates that in comparing EnCase vs Evidence Eliminator, EnCase is unable to recover data eliminated by Evidence Eliminator However, anyone with dishonest or criminal intent should note that although unable to recover files, EnCase will show that EE has been used and the extent of the shredding.

A Computer Forensic Expert's View

According to this forensic expert, data recovery software, such as Encase is only effective where files have been deleted, but not overwritten -- as in the case I was involved in, above.

He states, "At best, data recovery utilities see what the hard drive sees, and when data has been overwritten(and this is what file wiping is), what the hard drive sees is only the data that is currently there, i.e., the data that was written over the old data."

And finally...

PC Magazine On EnCase vs Evidence Eliminator

Here's a take on EnCase vs Evidence Eliminator from the professional journal PC Magazine...

"While we certainly can imagine some unsavory reasons why users might want to make sure data is really deleted, we can also think of many good ones.

Whatever the reason, this is clearly a powerful tool. Evidence Eliminator overwrites data in ways that even government-level forensic tools like Guidance Software's EnCase can't recover, supporting more than the seven wipes that are the U.S. Department of Defense (DoD) standard.

EnCase can reveal that Evidence Eliminator was used, but the erased files and their names are simply gone. On pure technical merit, Evidence Eliminator is hard to beat. By default, it also cleans up traces of activity like recently opened files and applications."

Further details on EE can be found at Evidence Eliminator


5. Encase vs Evidence Eliminator... Further Secure Deletion Information

  1. How Clean Off The Hard Drive To Securely Remove Personal Data

  2. Encase vs Evidence Eliminator

  3. How To Clean Hard Drive Prior To Disposal Of Computer

  4. The Best Buy And Free Internet History Deleter Programs

  5. Can A Format Hard Drive Erase Hidden Files?


Google
Webwww.guard-privacy-and-online-security.com


Copyright © 2005-2012 | Guard Privacy & Online Security | All Rights Reserved

SBI
SBI!