Thursday, 20 June 2013

COMPUTER FORENSICS SOFTWARE: Forensic Toolkit (FTK) Version 3

THE INDUSTRY-STANDARD COMPUTER FORENSICS SOFTWARE USED BY GOVERNMENT AGENCIES AND LAW ENFORCEMENT AROUND THE WORLD

Forensic Toolkit® (FTK®) is recognized around the world as the standard in computer forensics software. This court-validated digital investigations platform delivers cutting-edge computer forensic analysis, decryption and password cracking all within an intuitive and customizable interface. FTK 3 is built for speed, analytics and enterprise-class scalability. Known for its intuitive interface, email analysis, customizable data views and stability, FTK lays the framework for seamless expansion, so your computer forensics solution can grow with your organization’s needs. Forensic Toolkit 3 is now the most advanced computer forensics software available, providing functionality that normally only organizations with tens of thousands of dollars could afford.

Download: http://www.accessdata.com

Review: Access Data Forensic Toolkit (FTK) Version 3

When it comes to computer forensic tools, I consider myself to be somewhat of a late adopter. I love to play with the latest tool release, but when it comes to what I’m actually going to use in my lab, I prefer to have a mature product. It takes too much time to test and validate tools to waste time on buggy or incomplete versions. So, I finally made the jump (back) to Access Data’s Forensic Toolkit (FTK) in its 3.1 version. Like many forensic professionals I know, I sat out the “lost generation” of FTK v2. However, if you haven’t taken a look recently, version 3 will likely surprise you.

I don’t expect tool suites to solve all of my forensic problems, but I do appreciate the breadth of capabilities they can provide in one package. FTK v3 excels at facilitating keyword searches, graphics review, email archive parsing, and compound file extraction, and it has an excellent collection of built-in file viewers. I have neither the blog space nor the energy to go into each of these, but I would put FTK at the top of my tool list for any of these activities. However, I would like to cover a few of the new or updated features I have found useful.

MAC OS X FORENSIC SUPPORT

With Apple PCs nearing a market share of 10%, it is getting harder and harder for forensic professionals to pretend they don’t exist. Even if you are in an enterprise environment, I am betting someone in senior leadership has sought a waiver to bring his or her silver status symbol to work. We have been living in a Microsoft Windows world and most of our forensic tools cater to that platform. While FTK and others have supported the HFS filesystem for a long time, it is clear in the latest release that many developer hours have been spent to include real analysis capabilities.
