Difference between revisions of "AccessData"

From Forensics Wiki
Jump to: navigation, search
Line 46: Line 46:
 
==Hash Databases==
 
==Hash Databases==
  
Uses MD5 and SHA1.
+
* Uses MD5 and SHA1.
 +
* Uses hash databases from NIST and Hashkeeper.
 +
* Create custom hashsets. ("Coming soon.")
 +
 
  
 
==Evidence Collection Features==
 
==Evidence Collection Features==

Revision as of 11:09, 6 March 2006

Contents

AccessData

Offers toolkits for forensics, password recovery, registry viewing, and distributing the password recovery over a collection of machines.


website

Features

File Systems Understood

The Forensics Toolkit Imager can read:

  • All FAT.
  • NTFS
  • Ext2 and Ext3
  • HFS
  • HPFS
  • CDFS
  • DVD
  • Locked systems like SAM/SYSTEM)

(See imager notes)

Image File Formats

  • Encase
  • SMART
  • Snapback
  • Safeback
  • DD

File Search Facilities

  • "View over 270 different file formats"
  • Email search of Outlook, Outlook Express, AOL, Netscape, YAhoo, Earthlink, Eudora, Hotbal and others.
  • Registry Viewer

Historical Reconstruction

Can it build timelines and search by creation date?

Searching Abilities

Can it search? Does it build an index? Can it focus on file types or particular kinds of metadata?

Hash Databases

  • Uses MD5 and SHA1.
  • Uses hash databases from NIST and Hashkeeper.
  • Create custom hashsets. ("Coming soon.")


Evidence Collection Features

Can it sign files? Does it keep an audit log?

History

Originally written in (YEAR), it has now developed into a Forensic Edition and an Enterprise Edition.

License Notes

Is it commercial or open source? Are there other licensing options?

External Links

website

External Reviews