Forensic Toolkit FTK

Rely on the award-winning computer forensics software that delivers enterprise-class capabilities and unmatched analysis of Mac OS, email, RAM.
Forensic Toolkit is now the most advanced computer forensics software available, providing enterprise-class functionality for a stand-alone price.
FTK is the leading computer forensics software solution. Because it is designed with an enterprise-class architecture that is database driven, it is proven to deliver the most robust analysis, and it provides the fastest processing on the market. FTKs database-driven design prevents the crashing that is so common with memory-based tools. The solution scales to handle massive data sets and lays the foundation for you to expand into a full lab infrastructure. So as your needs grow, your solution grows with you.

Get unmatched stability, speed and analysis with FTK.

Acquisition and Analysis of Live Data Mac Analysis Distributed Processing Unrivaled Stability Robust Reporting

INNOVATOR

2010 2011 2011

BEST BUY

ENGINEERED FOR SPEED AND EFFICIENCY ENGINEERED FOR SPEED AND EFFICIENCY Fastest Processing on the Market Every copy of FTK of comes with 4 distributed processing workers, allowing you to leverage CPU resources from up to 4 computers. (3 distributed workers and 1 worker on the main FTK examiner system) Leverage legacy hardware to dramatically reduce processing time. Cancel/Pause/Resume functionality Real-time processing status CPU resource throttling Email notification upon processing completion ENHANCED ANALYSIS ENHANCED ANALYSIS Extensive Macintosh Analysis: Process B-Trees attributes for metadata PLIST support SQLite database support Apple DMG and DD_DMG disk image support Crack Sparse Images or Sparse Bundles JSON file support Efficient Analysis of Graphics Fast image retrieval and reduced backup time. Fewer refreshes and less delay as you scroll quickly through pages of graphics. Corrupted images are distinguished from loading images.

FTK 3 is superb, and the Mac features are something that cant be found in any other Windows analysis tool. Ryan R. Kubasiak, www.appleexaminer.com

A Pioneer in Digital Investigations Since 1987

MORE...

Broad Encryption Support Utimaco, Guardian Edge, PGP, SafeBoot, Credent and EFS

Native Explicit Image Detection Integration (Available as an Add-on): Automated detection and identification of explicit images by analyzing visual features, not just flesh tones. All images are given a score, based on their potential to be pornographic.

ACQUISITION AND ANALYSIS OF LIVE DATA ACQUISITION AND ANALYSIS OF LIVE DATA Remote Device Mounting Remotely connect to a single target machine and mount it locally on the examiners machine for physical devices, logical volumes and memory. This enables examiners to use FTK, Imager or a third-party utility to analyze data on the remote device. Live Device Acquisition: Perform network-based, secure, single-system forensic acquisition of physical devices, logical volumes and RAM. o Image the full range of system memory o Image entire physical device or devices o Image an entire volume or volumes The agent can be quickly deployed and does not require installation of any kind. No painful authentication/authorization process is required. RAM Dump Analysis: Enumerate all running processes, including those hidden by rootkits, and display associated DLLs, network sockets and handles in context, from 32-and 64-bit windows machines. Dump a process and associated DLLs for further analysis in third-party tools. Memory string search allows you to identify hits in memory and automatically map them back to a given process, DLL or piece of unallocated and dump the corresponding item. Process RAM captures for additional forensic artifacts, such as passwords, html pages, .lnk files and MS Office documents

Control how data is processed.

A Pioneer in Digital Investigations Since 1987

2011 AccessData Group. All Rights Reserved.

Index search results are displayed by category.