Review: AccessData Forensic Toolkit (FTK) Version 3 — Part 2

Welcome to part two of my FTK v3 review. If you have not read the first post, it can be found here. Forensic suites are notoriously difficult to review because of the sheer number of features they include. We are lucky within the computer forensic community to have multiple vendors operating in a highly competitive environment. As such, the core forensic suites continue to add functionality. I have chosen to highlight a few of the new(er) features within AccessData's Forensic Toolkit (FTK). I interact with a lot of folks who are building forensic capabilities within their organizations, often with a limited budget. With the new additions to FTK, I find myself recommending it more and more. For the typical forensic shop it really does have a lot of bang


Review: AccessData Forensic Toolkit (FTK) Version 3 — Part 1

When it comes to computer forensic tools, I consider myself to be somewhat of a late adopter. I love to play with the latest tool release, but when it comes to what I'm actually going to use in my lab, I prefer to have a mature product. It takes too much time to test and validate tools to waste time on buggy or incomplete versions. So, I finally made the jump (back) to AccessData's Forensic Toolkit (FTK) in its 3.1 version. Like many forensic professionals I know, I sat out the "lost generation" of FTK v2. However, if you haven't taken a look recently, version 3 will likely surprise you.

I don't expect tool suites to solve all of my forensic problems, but I do appreciate the breadth of capabilities they can provide in one package. FTK v3 excels at facilitating keyword searches, graphics review, email archive parsing, compound file extraction, and has an excellent