Difference between revisions of "Forensic Toolkit"

From ForensicsWiki
Jump to: navigation, search
(Various fixes.)
m
Line 1: Line 1:
The '''Forensic Toolkit''' is a commercial forensic software package distributed by [[AccessData]].
+
The '''Forensic Toolkit''' ('''FTK''') is a commercial forensic software package distributed by [[AccessData]].
  
 
=Features=
 
=Features=

Revision as of 16:04, 31 March 2006

The Forensic Toolkit (FTK) is a commercial forensic software package distributed by AccessData.

Features

File Systems Understood

  • Outlook (PST)
  • AOL
  • Web based email like Yahoo and Hotmail
  • Eudora
  • MSN Mail
  • NTFS
  • FAT
  • Ext2, Ext3
  • Compressed files with WinZip, GZip, Tar and others

File Search Facilities

  • Lists allocated and unallocated files.
  • Sorts files by type.
  • Searches for keywords and regular expressions.

Historical Reconstruction

Can it build timelines and search by creation date?

Searching Abilities

  • Can use basic keyword searching.
  • Offers full-text indexing powered by dtSearch.
  • Search can be focused on "Internet text".

Hash Databases

Evidence Collection Features

Can it sign files? Does it keep an audit log?

History

License Notes

Is it commercial or open source? Are there other licensing options?

External Links

External Reviews