From ForensicsWiki
Revision as of 16:08, 6 March 2006 by Pw (Talk | contribs)

Jump to: navigation, search


Offers toolkits for forensics, password recovery, registry viewing, and distributing the password recovery over a collection of machines.



File Systems Understood

The Forensics Toolkit Imager can read:

  • All FAT.
  • NTFS
  • Ext2 and Ext3
  • HFS
  • HPFS
  • CDFS
  • DVD
  • Locked systems like SAM/SYSTEM)

(See imager notes)

Image File Formats

  • Encase
  • Snapback
  • Safeback
  • DD

File Search Facilities

  • "View over 270 different file formats"
  • Email search of Outlook, Outlook Express, AOL, Netscape, YAhoo, Earthlink, Eudora, Hotbal and others.
  • Registry Viewer

Historical Reconstruction

Can it build timelines and search by creation date?

Searching Abilities

Can it search? Does it build an index? Can it focus on file types or particular kinds of metadata?

Hash Databases

Uses MD5 and SHA1.

Evidence Collection Features

Can it sign files? Does it keep an audit log?


Originally written in (YEAR), it has now developed into a Forensic Edition and an Enterprise Edition.

License Notes

Is it commercial or open source? Are there other licensing options?

External Links


External Reviews