Product Information

AccessData Forensic Suite

Vendor:

AccessData

  • SC Magazine Recommended

Price:

MPE Plus: £1,863; FTK: £1,848.50; and AD Triage: £925

Quick Read

Strengths: A host of tools that enable a thorough and organised investigation

Weaknesses: Some of the software tools may not be quickly understood by beginners

Verdict: The three-product platform provides a solid foundation for any digital forensic investigation. For a full-feature package, we rate Recommended

Rating Breakdown

SC Lab Reviews

Reviews from our expert team

Features:
Documentation:
Value for Money:
Performance:
Support:
Ease of Use:
5/5

Summary

There are three products in AccessData's forensic suite that every digital forensic investigator needs: Mobile Phone Examiner (MPE) Plus, Forensic Toolkit (FTK) and AD Triage. The compatibility of the three tools enables the user to complete a thorough and organised investigation. 

MPE Plus is a software solution for mobile phone extraction and analysis. It supports more than 6,800 devices, including the iPhone, iPad, Android, BlackBerry and MediaTek (MTK) Chinese devices. 

The installation process is simple and took us only about 20 minutes. The interface is organised with three well-labelled menus, and tools that are graphically displayed cleanly. The interface allows the user to manipulate and examine data with a host of tools, allowing for a functional, effective approach. The automated results are generated from the app and can be exported or printed. 

FTK is a digital investigation platform built for speed, analytics and scalability. Known for its intuitive interface, email analysis capability, customisable data views and stability, it lays the framework for seamless expansion so one's computer forensic solution can grow with an organisation's needs. Additionally, FTK integrates with optional expansion modules to provide malware analysis capability and state-of-the-art visualisation.

AD Triage is an easy-to-use, forensically sound triage tool for the on-scene preview and acquisition of computers that are live or have been shut down. AD Triage is ideal for users who are inexperienced with computer forensic software, but need to preserve evidence in the field. Installation of this component is simple and requires only three steps. Triage is segregated into two different interfaces: administrator and receiver. The administration interface is used to manage and configure removable media devices and to review and store all collected data. The receiver interface is employed for target systems to collect data to a USB device or to a network-connected computer.

Once licences have been obtained and the devices installed, one can access the data essential to an investigation. The profile is published and assigned to the removable device desired. The device can then be plugged into the computer from which the information will be extracted by running the Triage agent application file. If the computer is not in active state, then the user should use a bootable CD/DVD or USB. The run process will activate the interface and the extraction process is started. All of the files that were required when creating the profile of the device are going to be sorted and can then be exported to the device or a remote destination that is specified. 

Finally, the file collection from the field can be reviewed and a report generated and stored to the investigator's lab computer. The AccessData suite offers support and documentation in a variety of forms: via phone, email, web, discussion forums and a user guide. 

Each of the products has to be purchased separately as these applications are not bundled together as a suite. However, at a total price of just over £4,600 for all three tools, the simplicity, functionality and management capabilities that can be applied to the analysed data well justify the expense.

Reviews For This Vendor