AccessData

From Forensics Wiki
Revision as of 11:09, 6 March 2006 by Pw (Talk | contribs)

Jump to: navigation, search

Contents

AccessData

Offers toolkits for forensics, password recovery, registry viewing, and distributing the password recovery over a collection of machines.


website

Features

File Systems Understood

The Forensics Toolkit Imager can read:

  • All FAT.
  • NTFS
  • Ext2 and Ext3
  • HFS
  • HPFS
  • CDFS
  • DVD
  • Locked systems like SAM/SYSTEM)

(See imager notes)

Image File Formats

  • Encase
  • SMART
  • Snapback
  • Safeback
  • DD

File Search Facilities

  • "View over 270 different file formats"
  • Email search of Outlook, Outlook Express, AOL, Netscape, YAhoo, Earthlink, Eudora, Hotbal and others.
  • Registry Viewer

Historical Reconstruction

Can it build timelines and search by creation date?

Searching Abilities

Can it search? Does it build an index? Can it focus on file types or particular kinds of metadata?

Hash Databases

  • Uses MD5 and SHA1.
  • Uses hash databases from NIST and Hashkeeper.
  • Create custom hashsets. ("Coming soon.")


Evidence Collection Features

Can it sign files? Does it keep an audit log?

History

Originally written in (YEAR), it has now developed into a Forensic Edition and an Enterprise Edition.

License Notes

Is it commercial or open source? Are there other licensing options?

External Links

website

External Reviews