Forensic Toolkit® (FTK®): Recognized around the World as the Standard in Computer Forensics Software
FTK is a court-accepted digital investigations platform that is built for speed, analytics and enterprise-class scalability. Known for its intuitive interface, email analysis, customizable data views and stability, FTK lays the framework for seamless expansion, so your computer forensics solution can grow with your organization’s needs.
In addition, AccessData offers new expansion modules delivering an industry-first malware analysis capability and state-of-the-art visualization. These modules integrate with FTK to create the most comprehensive computer forensics platform on the market.
Cerberus is a malware triage technology that is available as an add-on for FTK 4. The first step towards automated reverse engineering, Cerberus provides threat scores and disassembly analysis to determine both the behavior and intent of suspect binaries.
View data in multiple display formats, including timelines, cluster graphs, pie charts and more. Quickly determine relationships in the data, find key pieces of information, and generate reports that are easily consumed by attorneys, CIOs or other investigators.
Integrated Computer Forensics Solution
- Create images, process a wide range of data types from forensic images to email archives, analyze the registry, conduct an investigation, decrypt files, crack passwords, and build a report, all with a single solution.
- Recover passwords from 100+ applications.
- KFF hash library with 45 million hashes.
- Advanced, automated analysis without the scripting.
Because FTK is database driven, you don't lose work due to crashing
- Wizard-driven processing ensures no data is missed.
- Cancel/Pause/Resume functionality
- Real-time processing status
- CPU resource throttling
- Email notification upon processing completion
- Pre- and post-processing refinement
- Advanced data carving engine allows you to specify criteria, such as file size, data type and pixel size to reduce the amount of irrelevant data carved while increasing overall thoroughness.
- Easy, wizard-driven agent deployment.
- Secure remote device mounting using the Pico agent.
Advanced Volatile / Memory Analysis
- Supports Windows® (32- and 64-bit), Apple®, UNIX® and Linux® operating systems
- Comprehensive analysis of volatile data
- Static RAM analysis from an image or against a live system
- Enumerate all running processes, including those hidden by rootkits, and display associated DLLs, network sockets and handles in context.
- Dump a process and associated DLLs for further analysis in third-party tools.
- Memory string search allows you to identify hits in memory and automatically map them back to a given process, DLL or piece of unallocated space and dump the corresponding item.
- FTK 4 now provides VAD tree analysis, exposes registry artifacts in memory, and parses and displays handle information from memory.
Exceptional Apple® OS Analysis
- Process B-tree attributes for metadata
- PLIST support
- SQLite database support
- Apple DMG and DD_DMG disk image support
- JSON file support
Faster, More Comprehensive Index and Binary Searching
- New in FTK 4: Regular expression support in index searching allows you to search for advanced combinations of characters within indexed data.
Broad File System, File Type and Email Support
- Support for 700+ image, archive and file types
- Notes NSF, Outlook PST/OST, Exchange EDB, Outlook Express DBX, Eudora, EML (Microsoft Internet Mail, Earthlink, Thunderbird, Quickmail, etc.), Netscape, AOL and RFC 833
- Process and analyze DMG (compressed and uncompressed), Ext4, exFAT, VxFS (Veritas File System), Microsoft VHD (Microsoft Virtual Hard Disk), Blackberry IPD backup files, Android YAFFS / YAFFS 2 and many more.
- Create and process Advanced Forensic Format (AFF) images.
Broad Encryption Support
- Automatically decrypt (with proper credentials) Credant, SafeBoot, Utimaco, SafeGuard Enterprise and Easy, EFS, PGP, GuardianEdge, Pointsec and S/MIME.
- FTK is the only computer forensics solution that can identify encrypted PDFs.
Explicit Image Detection (EID) Add-On
- Generate detailed reports in native format, HTML, PDF, XML, RTF, and more – with links back to the original evidence.
- Define Registry Supplemental Reports (RSR) during pre-processing or additional analysis.
- See which files could not be processed or indexed with the Processing Exception/Case Info report.
- Create a CSV of processed files that can be imported into Excel or a database application.
- Export MSGs for all supported email types.
CONFIGURATION OPTION 1 – Single PC/Server
Specifications for FTK 4 with the PostgreSQL Database, FTK UI and Primary Processing Engine on the Same PC/Server
Drive 2: PostgreSQL Database (SSD or HW RAID)
Drive 3: Case Folder and HD Image
Drive 4: Temp Directory (SSD or RAID0)
CONFIGURATION OPTION 2 – Two PC/Server
Specification for FTK 4 UI and Processing Engine on one machine and PostgreSQL on a Separate (2nd) Machine (2 Node Configuration)
Node 1: Specifications for GUI and Worker
Drive Set 2: Hard Drive Image and Case Folder
Drive 3 (temp folder): SSD or RAID0
AccessData, Forensic Toolkit and FTK are registered trademarks owned by AccessData in the United States and other jurisdictions and may not be used without prior written permission. All other marks and brands may be claimed as the property of their respective owners. Any reference to non-AccessData marks is for the purpose of enumerating the technologies AccessData solutions will address during the course of a digital investigation.
Stop relying on third-party tools to see visual relationships within data. AccessData's new FTK add-on, Visualization, allows you to view data in seconds in multiple display formats, including timelines, cluster graphs, pie charts and more.
By combining the state-of-the-art backend processing of FTK with this graphical analytic interface, you will dramatically enhance the accuracy and speed with which you analyze case data.
Graphical Email Analytics
- Adjust scale and focus of communication periods in days, weeks, months, years and decades.
- Quickly determine and convey peak communication periods in a graphical format.
- View email custodian-level details including sent and received statistics to pinpoint periods of interest.
- Graphically represent the social network of an email custodian to determine strength/frequency of communication.
- Obtain key insight into the interaction among potential persons of interest and flag these email exchanges in FTK.
Graphical File Analytics
- Adjust scale and focus of created, modified and last accessed dates to identify gaps or areas of interest.
- Provide a complete picture of the data profile and makeup.
- Understand file volume and counts through an interactive interface.
- Sort and group files by a variety of metadata attributes.
- Efficiently identify and tag files for checking in FTK.
Mac features… that can't be found in any other Windows Analysis