Forensic Toolkit 3
August 09, 2010
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: Feature-rich, very thorough, a forensic Swiss Army knife
- Weaknesses: Steep system requirements
- Verdict: One of the top forensics suites out there, even if it does require a beast of a machine to run
Access Data's Forensic Toolkit 3 (FTK) is a well-rounded, feature-rich application and is one of the best all-in-one forensic products available. The most notable addition to this newest version of FTK is the Remote Device Mounting Services (RDMS). This allows the user to perform a memory dump and acquire an image of a remote machine.
Installation of FTK is pretty straightforward but time-consuming. The newest version now requires an Oracle database (included) to be installed along with the application itself. However, this whole process is mostly automated, requiring little assistance from the user.
FTK should not be installed on just any machine, as the requirements are quite significant. For example, the ideal amount of RAM for the GUI and database machine is 8GB and 12GB respectively. Access Data also says the ideal storage for the database is a 250+ GB solid-state drive dedicated exclusively to Oracle.
The GUI at first glance is rather intimidating, as it is quite cluttered with many windows, tabs and buttons. If you are familiar with older versions of Forensic Toolkit, you might need to take some time to relearn the new setup.
Creating a new case and acquiring an image are fairly simple tasks. Without the proper hardware, this may take some time, especially when using the new RDMS feature. When acquiring an image, FTK gives you many options, including data carving, deleted file recovery, registry recovery and listing HTML files. Once the image is loaded, browsing through the contents of the acquired drive is straightforward.
Figuring out the filtering feature was a bit more difficult. However, once an investigation is complete or you need a quick summary, FTK has an excellent reporting feature, which creates reports in many different formats.
The documentation is comprehensive and does a great job of covering everything from installation of FTK to the most obscure features.
Access Data offers phone, email and web support. This is not included in the price of the product. An additional charge per year is required to receive unlimited telephone support and product updates from Access Data.