Difference between revisions of "Forensic Toolkit"

From ForensicsWiki
m
m (adding AFF image type support)
 
(5 intermediate revisions by 3 users not shown)
Line 1: Line 1:
 +
{{Infobox_Software |
 +
  name = Forensic Toolkit (FTK) |
 +
  maintainer = [[AccessData]] |
 +
  os = {{Windows}} |
 +
  genre = {{Analysis}} |
 +
  license = {{Commercial}} |
 +
  website = [http://www.accessdata.com/forensictoolkit.html accessdata.com] |
 +
}}
 +
 
The '''Forensic Toolkit''' ('''FTK''') is a commercial forensic software package distributed by [[AccessData]].
 
The '''Forensic Toolkit''' ('''FTK''') is a commercial forensic software package distributed by [[AccessData]].
  
 
=Features=
 
=Features=
  
==File Systems Understood==
+
The Forensic toolkit can parse a number of filesystems, including [[FAT]] 12/16/32, [[NTFS]], NTFS Compressed, [[Ext2]], and [[Ext3]]. It can use image files created by [[AFF]], [[EnCase]], [[SMART]], [[Snapback]], some versions of [[Safeback]] and [[dd]].
 
+
* Outlook (PST)
+
* AOL
+
* Web based email like Yahoo and Hotmail
+
* Eudora
+
* MSN Mail
+
* [[NTFS]]
+
* [[FAT]]
+
* [[Ext2]], [[Ext3]]
+
* Compressed files with [[WinZip]], [[GZip]], [[Tar]] and others
+
 
+
==File Search Facilities==
+
 
+
* Lists allocated and unallocated files.
+
* Sorts files by type.
+
* Searches for keywords and regular expressions.
+
 
+
==Historical Reconstruction==
+
 
+
Can it build timelines and search by creation date?
+
 
+
==Searching Abilities==
+
 
+
* Can use basic keyword searching.
+
* Offers full-text indexing powered by [[dtSearch]].
+
* Search can be focused on "Internet text".
+
 
+
==Hash Databases==
+
 
+
* [[MD5]].
+
* Searches with "Known File Filter" ([[NIST]] and [[Hashkeeper]]).
+
 
+
==Evidence Collection Features==
+
 
+
Can it sign files? Does it keep an audit log?
+
  
=History=
+
The program allows users to search with keywords or take advantage of [[drive indexing]] using  the [[dtSearch]] algorithm.
  
==License Notes==
+
== Data Reduction ==
  
Is it commercial or open source? Are there other licensing options?
+
The Known File Filter, or KFF, can be used to eliminate or highlight known files using [[MD5]] hashes generated by user or from [[National Software Reference Library|NIST]] or [[Hashkeeper]].
  
=External Links=
+
== External Links ==
+
* [http://www.accessdata.com/ Official website]
+
  
==External Reviews==
+
[http://www.accessdata.com/forensictoolkit.html Forensic Toolkit information from AccessData]
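Review bot: The itemised lists under "File Systems Understood", "File Search Facilities" and "Searching Abilities" have no counterpart in the replacement Features text. The e-mail formats (Outlook PST, AOL, Eudora, MSN Mail, web-based mail), compressed-archive handling and regular-expression search are not mentioned in the new paragraphs, which cover only filesystems, image formats, keyword search and dtSearch indexing. If those capabilities still apply, carry them into the Features section rather than dropping them with the template headings. The unanswered placeholder questions ("Can it sign files? Does it keep an audit log?") are also removed without being answered, so evidence-integrity features end up undocumented.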

Latest revision as of 19:43, 4 April 2012

Forensic Toolkit (FTK)
Maintainer: AccessData
OS: Windows
Genre: Analysis
License: Commercial
Website: accessdata.com

The Forensic Toolkit (FTK) is a commercial forensic software package distributed by AccessData.

Features

The Forensic Toolkit can parse a number of filesystems, including FAT 12/16/32, NTFS, NTFS Compressed, Ext2, and Ext3. It can use image files created by AFF, EnCase, SMART, Snapback, some versions of Safeback and dd.

The program allows users to search with keywords or take advantage of drive indexing using the dtSearch algorithm.

Data Reduction

The Known File Filter, or KFF, can be used to eliminate or highlight known files using MD5 hashes generated by the user or taken from NIST or Hashkeeper.
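The following sketch shows the general idea behind this kind of hash-based data reduction. It is an added example, not FTK's code or its hash-database format: the function names, the three bucket labels and the sample files are assumptions made for illustration, and the hash sets are plain Python sets rather than NIST or Hashkeeper files.

```python
import hashlib
import os
import tempfile


def md5_of(path, chunk_size=1 << 20):
    """Stream a file through MD5 so large evidence files are not read whole."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def known_file_filter(root, eliminate, highlight):
    """Sort every file under root into 'highlight', 'eliminate' or 'unknown'.

    A hash present in both sets is highlighted, so a flagged file is never
    hidden by the data-reduction pass.
    """
    eliminate = {h.lower() for h in eliminate}  # hash lists vary in hex case
    highlight = {h.lower() for h in highlight}
    result = {"highlight": [], "eliminate": [], "unknown": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            path = os.path.join(dirpath, name)
            md5 = md5_of(path)
            bucket = ("highlight" if md5 in highlight
                      else "eliminate" if md5 in eliminate else "unknown")
            result[bucket].append((os.path.relpath(path, root), md5))
    return result


def demo():
    """Run the filter over constructed sample files (not real evidence)."""
    samples = {"notepad.exe": b"constructed stock OS file",
               "tool.bin": b"constructed file of interest",
               "report.doc": b"constructed user document"}
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        # Hypothetical hash sets built from the samples themselves.
        eliminate = {hashlib.md5(samples["notepad.exe"]).hexdigest().upper()}
        highlight = {hashlib.md5(samples["tool.bin"]).hexdigest()}
        return known_file_filter(root, eliminate, highlight)


if __name__ == "__main__":
    for bucket, entries in demo().items():
        print(bucket, entries)
```

Only the files left in the "unknown" bucket need manual review; matching is by content hash alone, so a renamed copy of a known file is still classified.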

External Links

Forensic Toolkit information from AccessData