AccessData announced the release of Forensic Toolkit (FTK) 5. With this major release, AccessData brings an even faster and more comprehensive FTK capable of exposing more data in less time. FTK 5 includes data visualization and explicit image detection (EID) out of the box. These two critical investigative capabilities give FTK users a great advantage, compared to tackling these tasks with other products. Data Visualization features automated graphical timeline construction and analysis of social relationships, and investigators can include visualization images in their case reports. Explicit Image Detection (EID) detects not only flesh tones but conducts a thorough analysis of shapes and orientation. Furthermore, FTK 5 integrates with Microsoft PhotoDNA® which creates a unique signature for a digital image, like a fingerprint, that can be compared with the signatures of other images to find copies and variations of images of interest. “The release of FTK 5 significantly raises the bar for forensic analysis tools”, commented Brian Karney, President and COO of AccessData. “FTK 5 allows users to access and identify that important data so much faster than other tools, streamlining time consuming tasks and helping minimize case backlog.”
FTK 5 also delivers enhanced Internet analysis with a new dedicated Internet/Chat tab that allows users easier access to these artifacts that are more and more often integral to a case. The enhanced analysis capabilities include new Internet artifact carvers for more than 30 additional web applications/services, social media sites and games. Google Chrome analysis enhancements feature easier navigation through artifacts, web page reconstruction and the creation of individual records from Chrome artifact tables for bookmarks, cookies, credit card data, data profile, downloads, history, keywords, login data, top sites and web auto-fill data.
In addition, AccessData has enhanced the integration of its industry-leading decryption technology, PRTK®. Now, FTK users can send files directly to PRTK for on-the-fly password recovery during evidence review. The Forensic Toolkit platform also delivers its own enhanced file decryption with FTK 5 now able to decrypt almost as many file formats as PRTK. In addition, users can import password lists to automatically decrypt files during the initial processing phase.
New and with every copy of FTK 5, users will receive a Mobile Phone Examiner Plus (MPE+) Essential license. MPE+ Essential operates as a full MPE+ license for 30 days after the purchase or upgrade is activated, offering access to all features and devices. After this time, users will be given the option to purchase the full license of MPE+ or continue with the MPE+ Essential license. MPE+ Essential allows users to perform full iOS® and Android™ device examinations. MPE+ is the only mobile device analysis solution on the market to integrate seamlessly with FTK, allowing investigators to correlate evidence from multiple mobile devices with multiple computers within a single interface.
AccessData is also offering, for a limited time, special pricing on a Forensic Toolkit/Mobile Phone Examiner Plus subscription bundle. As these two solutions both provide unparalleled analysis and work together to allow easy correlation of data from multiple mobile devices and computers, many practitioners are opting to add both products to their digital forensics arsenal. This subscription offer is intended to make that transition easier for budget-constrained organizations.
Finally, the FTK 5 release is poised to change the way organizations and law firms handle their legal review process. FTK can now be used collaboratively with AccessData’s market-leading legal review platform, Summation. Forensic examiners and litigation support personnel can access the same case data on the same database to perform legal review and forensic examination simultaneously, which significantly streamlines the investigation to litigation lifecycle.
Some additional enhancements include the following:
- Includes the most recent National Software Reference Library list for the Known File Filter
- Log2timeline CSV support
- Automated language identification
- Create, import and export reusable processing profiles
- Generate timeline reports in CSV format for bookmarked items
About Forensic Toolkit® (FTK®)
Given 5 stars several years running and a recommended designation from SC Magazine, AccessData’s flagship product, Forensic Toolkit has forged a category all its own, by delivering a radically different architecture than other forensic tools, more advanced capabilities and a different approach to processing and analysis. The database-driven solution introduced distributed processing, integrated volatile data and memory analysis, the most comprehensive Apple OS analysis of any other Windows-based forensics product and built-in decryption capabilities. FTK is truly an enterprise-class investigative platform, allowing examiners to remotely preview and acquire computers and handle massive volumes of data with unmatched speed and accuracy.
First published in The Australian Security Magazine June 2013