AccessData Tool Suite
May 12, 2014
FTK perpetual license: £2,355, Cerberus adds £1,415; AD Triage: £885; MPE +: £1,471, Velocitor add-on adds £1,769 (includes Forensic Tool Kit, AD Triage and Mobile Phone Examiner Plus).
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: Solid suite of products that work together to form the core of a computer forensic lab operation. Cerberus is particularly impressive.
- Weaknesses: None that we found.
- Verdict: This can form the basis for a solid computer forensic operation encompassing mobile devices, computer disks and rapid response. It works equally well in a small lab and a larger group operation. We make this our Best Buy.
We are reviewing this suite of forensic tools as a package the same way we did last year because the elements work well together and offer a complete set of computer forensic capabilities. FTK has been our workhorse for several releases. It always has provided the power we need and the speed that makes processing large cases practical. Our systems have two configurations: One puts the backend database on a separate server and the other puts the database on the same computer as the processing engine and the user interface. Both work equally well for single users. When you run a lab that requires that multiple users have access to a single case, you must put the backend database on a server accessible to all. We also place the evidence on a case server where all users can access it.
FTK has all of the capabilities that one would expect from a computer forensic tool - plus a couple more. For example, it includes the Visualiser, a tool that creates timelines for documents and emails. It goes beyond simple timelines, though, to analysis. Additionally, the Cerberus extra-cost add-in is one of the most sophisticated malware forensic tools we have come across as part of a computer forensic product. Cerberus literally finds and performs an analysis - including static reversing - of malware. Using the output of Cerberus, users can create indicators of compromise (IOCs) easily.
For those occasions when a full analysis of a large number of computers is not practical and a question remains as to whether there is data of value on them (and where it might reside), AD Triage is just the thing. Built on FTK technology, it provides a set of pre-configured collection profiles that investigators in the field can use to pinpoint computers of interest, acquire them and bring the image back to the lab for further analysis.
Documentation for all of the AccessData products is included with the product in the form of a searchable PDF replete with illustrations and step-by-step how-tos. Installation is very straightforward and once installed all the documentation is quickly accessible from within the tool.
We have processed several cases of various sizes using this suite of products and have always had first-class results. The current versions of all three products are solid, reliable and work well for both small and large labs. A major improvement in FTK has been the replacement of the Oracle backend database with Microsoft SQL Server. We found it to be fast, reliable and easy to deploy. When used along with FTK Imager and Registry Viewer, this suite of tools can form the backbone of any computer forensic effort.
While this is not an inexpensive tool set, it is not out of line with today's market. AccessData offers basic, no-cost, eight-hours-a-day/five-days-a-week phone support, with additional help desk hours available by calling a dedicated number and following the pre-recorded prompts. AccessData also offers fee-based support at 28 percent of the base price of the product. This option includes a web-based support option that features a knowledge base and FAQ list. Also offered is 24/7 phone and email aid. However, product downloads, user forums and the knowledge base are all available without a paid support contract.