Autopsy Digital Forensics vs. Wireshark

Autopsy Digital Forensics is great for image investigation, just do a copy of the image, load it up and do the investigation. In the hands of DFIR specialist this software can do wonders in revealing various of pieces of information from an image. Software is easy to use and even a novice could use it without much trouble (assuming he has the knowledge of what to search for).

Wireshark is great for enterprise networks with large amounts of data traversing the network that need a way to filter and inspect specific traffic by specific parameters (i.e. destination / source IP address, host, or type). There are use-cases for smaller environments, but the amount of time needed to learn how to effectively use the tool may not be beneficial for home / small office users.

Incentivized

• Easy to use UI
• Fast compared to competitors
• Ability to use modules and plugins
• Portable
• Just does the job

• Light-weight software - Does not require high end specifications; also runs smoothly on Legacy systems
• Filter function - Lets you filter you packets from thousands to tens so as to find your target much easily
• Simultaneous capturing on all the network adapters - You can capture packets from all the Network Interface Cards (NIC's) at once.

• None - this software is amazing.

• A more user-friendly interface would be nice, but then again it is not really designed for those who are not quite comfortable with this type of software.
• Changes to functionality on updates - this can sometimes happen unexpectedly and can be an annoyance.
• More powerful data processing would be welcomed

Incentivized

It's very simple and easy to use, although individuals not used to managing and administering networks would take some time to get familiar with it. Once they have mastered use of the application, it's easy to stay knowledgeable about it, iteration after iteration. It is well supported online through an open-source community network of professionals who are helpful in imparting knowledge and in providing assistance.

Incentivized

I don't believe Wireshark has "true" support as the software is open source. However, there is an active & friendly community around Wireshark that are more than happy to help answer questions. From a comprehensive Wiki and FAQ section on the site to the Ask a Question forum and bug tracker section, there's plenty of support options to make sure your questions and issues are addressed.

Incentivized

Simple and easy setup.

Incentivized

Autopsy was easier to use, I liked the UI more and it just felt better.

[Wireshark] is just the go-to application. It's the tool that is taught with in school and at trade conferences. We have not had a need to even look at other tools. It's free, it had a ton of functionality, and it just works without complaint.

Incentivized

• Easies forensic investigations
• Has great training platform
• Has a free version

• Identifying bugs in the network has never been smooth and near-perfect.
• Wireshark has made sure our equipment and software is working properly via analyzing network data.
• Analysis of IP packets and Sip call flaws has saved us a lot of time and confident result.

Incentivized