AccessData announced the release of version 3 of Forensic Toolkit, a solution that delivers enhanced analytics, remote device acquisition and expanded reporting options. GUI speeds and processing time have also been improved.
AccessData has incorporated both remote data acquisition and RAM analysis into FTK 3, so investigators are not only able to preview a target’s machine from across the network to determine relevancy prior to acquisition, but they can also acquire and fully analyze the data on the system, including the system’s RAM.
This allows the investigator to understand what the computer was doing at the time of acquisition through the enumeration of all running processes, even those hidden by rootkits. The investigator is also able to identify critical data in live memory, such as passwords, html files, .lnk files, and MS Office documents.
Another added benefit of FTK is its ability to automatically identify pornographic images through an integration with LTU technologies’ image analysis solution. The technology analyzes visual features of images and scores those images by their potential to be pornographic. This capability will be of immense value in the investigation of child pornography cases, which are currently inundating law enforcement agencies around the world.
FTK 3 features:
- Redesigned database layer
- Re-engineered dtSearch integration
- Secure remote device mounting.