ACCESSDATA Forensic Toolkit® (FTK®)
Zero in on relevant evidence quickly, conduct faster searches and dramatically increase analysis speed with FTK®, the purpose-built solution that interoperates with mobile device and e-discovery technology. Powerful and proven, FTK processes and indexes data upfront, eliminating wasted time waiting for searches to execute. No matter how many different data sources you’re dealing with or the amount of data you have to cull through, FTK gets you there quicker and better than anything else.
UNMATCHED SPEED AND STABILITY
FTK uses distributed processing and is the only forensics solution to fully leverage multi-thread/multi-core computers. While other forensics tools waste the potential of modern hardware solutions, FTK uses 100 percent of its hardware resources, helping investigators find relevant evidence faster.
FASTER SEARCHING
Since indexing is done upfront, filtering and searching are completed more efficiently than with any other solution. Whether you’re investigating or performing document review, you have a shared index file, eliminating the need to recreate or duplicate files.
DATABASE DRIVEN
FTK is truly database-driven, using one shared case database. All data is stored securely and centrally, allowing your teams to use the same data. This reduces the cost and complexity of creating multiple data sets.
CAPABILITIES
- Parse even more registry and Windows events in an easy to read, interactive and reportable Windows System Information tab. Also label, bookmark and export individual objects per category, allowing for easy searching, filtering and reporting.
- Supports decryption of File Vault 2 from the APFS file system.
- QView™ integration introduces a simple, intuitive and customizable review interface. Utilize multi-case functionality such as tagging, searching, labeling and bookmarking across multiple cases. Enjoy easy mobile chat application and multimedia review, along with similar face and image detection all backed by a unified database. And, a panels-driven interface means that you can customize the view to your liking.
- Export your data into a portable case for offline review and sync back labels, bookmarks, comments and notes to the original case. Reviewers will also appreciate the ability to view the data in a near-native format.
- Similar face and object detection allow investigators to quickly locate all images of a person or object across the case without having to train the system, which can use up valuable time and resources. Also, upload an image from outside the case and compare it to pictures within the current case without ingesting it.
- Get a head start on your investigation with URL detection and parsing capabilities across devices without regard to browser, neatly organized under one section to easily review the data and connect the dots in your investigation.
- FTK will ingest and support updated versions of LX01 and E01 images.
- Automatically import and expand a nested forensic image with image within an image support.
- Import and parse AFF4 images created from Mac® computers (generated by third-party solutions like MacQuisition by BlackBag).
- Parse XFS file systems when investigating and collecting from RHEL Linux environments.
- Leverage the power of your forensic environment with optimized support for unified database for the AWS/Amazon RDS configuration. Host your FTK database in AWS to upload, process and review for unmatched speed and scalability.
- Cut down on OCR time by up to 30% with our efficient OCR engine.
- Locate, manage, and filter mobile data more easily with a dedicated mobile tab. Use the message application filter to quickly isolate data from message applications like WhatsApp or Facebook.
- View all associated EXIF data, including location, make and model of the device used to capture the images or video.
- Collect, process and analyze datasets containing Apple file systems that are encrypted, compressed or deleted.
- Decrypt a computer drive encrypted by the latest version of McAfee Drive Encryption and new L01 export support which eases the workflow of users when data must be used within multiple tools.
- Custom processing options help establish enterprise-wide processing standards, creating consistency for your investigations and reducing the possibility of missed data.
- The easy-to-use GUI provides a faster learning experience.
- Visualization technology that displays your data in timelines, cluster graphs, pie charts, geolocation and more, helps you get a clearer picture of events.