In a previous blog post, I shared some information that showed OpenText™ EnCase Forensic processing evidence significantly faster – in this case 33% faster – than the competition. Because the ability to process evidence quickly plays such an important role in investigator efficiency and bandwidth, case closure rates, case backlogs and public safety, I wanted to pursue this investigation further.
Some of the previous data points we looked at regarding evidence processing speeds came from testing done within OpenText. This time, I wanted to reach into the user community and look for performance evidence from a digital investigator who was using both tools in real-life scenarios.
I had the opportunity to speak with a criminal investigator for a European policing agency who uses both EnCase Forensic and a competing digital investigation software product in his investigations. Based on his experiences with both products, he wanted to evaluate which product helped him process evidence faster.
During our conversation, he shared the details from an investigation he had recently completed in which he needed to process evidence that contained over 500,000 emails. He was using the competing product to do preliminary evidence analysis but using OpenText EnCase Forensic Cloud Edition (CE) 21.4 to conduct the actual deep-dive forensic investigation. In both cases, he processed 13 PST files, which resulted in a 75 GB logical evidence file, indexed the file and created thumbnails.
Processing time adds up
The performance of the evidence processing with EnCase was staggering. EnCase Forensic completed the evidence processing in just 2.5 hours, while the other product took more than 10 hours to process the same evidence. That’s over a 75% improvement in processing speed when using EnCase Forensic. Put another way, this investigator was able to save an entire workday of time and effort by using EnCase Forensic. That meant eight hours to devote to other important law enforcement work, or potentially even eight fewer hours of overtime expense for the department.
During our discussion, this experienced commissioner also shared another evidence processing instance that consisted of a 26 GB PST file with 91,000 objects and 41,000 emails. He processed the evidence with both EnCase Forensic and the same digital investigation software mentioned above. Once again, the performance differences between the two solutions were significant. In just 20 minutes, EnCase Forensic completed processing the evidence file. However, after 1 hour and 13 minutes, the other product had still not completed the job. Just as in previous cases, the facts showed that EnCase Forensic processed evidence significantly faster than the other solution – 67% faster in this case!
Keep in mind that the 67% faster data point assumes that the processing job had been completed, when in fact EnCase Forensic was the only product that was able to complete the job. At the one-hour mark, the other product was still trying to complete the evidence processing.
Speed with consistent results
Every investigator I talk with highlights the importance of speed in their investigations. And when we talk about speed, it’s not about whipping through the evidence with a simple click here and a click there. Speed must come with reliable, defensible results. People’s lives depend on these results, so speed that equates to easy is a dangerous approach. What matters is speed that relates to performance: speed that produces reliable results, helps investigators close cases faster, reduces case backlogs, brings offenders to justice faster, exonerates the innocent faster, increases the efficiency of the investigative teams and minimizes the impacts on strained police department budgets. EnCase Forensic is the clear choice when these are the objectives of a law enforcement agency. After all, it’s about making the world a safer, more secure place.