Forensic Toolkit 2.0
May 01, 2008
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: Excellent all-round product
- Weaknesses: Licence installation can be slightly confusing for first-time users
- Verdict: AccessData's Forensic Toolkit 2.0 is a great product that is well put together and worth several times the price. Best Buy
The earlier 1.7 version's primary screen was grey, with many buttons for performing different parts of a forensic investigation. Version 2.0 has a sleeker interface with a tab-based design, but it still felt a bit cluttered, thanks to the different windows on each of the tabs that were opened by default.
The FTK Imager utility was able to create a forensic image of the 1GB drive in less than three minutes. The import into the FTK interface took 30 minutes. A new feature allows the investigator to work with the data while it is being imported into the program. FTK was able to discover the deleted executable, directory and file and could even reconstruct the deleted picture. It detected the password-protected zip file and showed the file contents, but could not open the zip without the password-recovery toolkit.
FTK also found the password-protected Microsoft Word file, but did not spot the steganographed files. The solution includes data-carving features that allow the drive's slack space to be searched for file fragments. The only problems were that the application would crash with large email investigations, and that it only recognised VMware disk files as flat files and not as virtual file systems.
The installation was simple and complex at the same time. The software went in as part of an auto-run utility and the interface for installation was very well laid out. The tricky part was trying to get the licence dongle recognised. It took several attempts to get the driver installed correctly, as the XP OS would recognise the licence fob as a flash drive. Once the driver was set up, it was necessary to contact the AccessData server to get the correct licences set up on the fob. This required a call to tech support.
The help file for FTK is the best we have ever seen. It walks you through using the utility with such detail you can learn the tool inside out from the manual.
The pricing for FTK is at the low end of the price spectrum, making this excellent value.