Difference between revisions of "AccessData"

From Forensics Wiki
Jump to: navigation, search
 
Line 1: Line 1:
  
 +
=AccessData=
 +
 +
Offers toolkits for forensics, password recovery, registry viewing, and distributing the password recovery over a collection of machines.
 +
 +
 +
[http://www.accessdata.com/ website]
  
 
=Features=
 
=Features=
  
 
==File Systems Understood==
 
==File Systems Understood==
 +
 +
The Forensics Toolkit Imager can read:
 +
 +
* All FAT.
 +
* NTFS
 +
* Ext2 and Ext3
 +
* HFS
 +
* HPFS
 +
* CDFS
 +
* DVD
 +
* Locked systems like SAM/SYSTEM)
 +
(See [http://www.accessdata.com/products/imager/ imager notes])
 +
 +
=== Image File Formats===
 +
* Encase
 +
* SMART
 +
* Snapback
 +
* Safeback
 +
* DD
  
 
==File Search Facilities==
 
==File Search Facilities==
 +
 +
 +
* "View over 270 different file formats"
  
 
==Historical Reconstruction==
 
==Historical Reconstruction==
Line 17: Line 45:
 
==Hash Databases==
 
==Hash Databases==
  
Can it create hashes of files and/or blocks? Can it compare these hash values to any databases?
+
Uses MD5 and SHA1.
What sort of hash functions does it use?
+
  
 
==Evidence Collection Features==
 
==Evidence Collection Features==
Line 34: Line 61:
 
= External Links =
 
= External Links =
  
EnCase Homepage - http://www.guidancesoftware.com/lawenforcement/ef_index.asp
+
[http://www.accessdata.com/ website]
  
 
==External Reviews==
 
==External Reviews==

Revision as of 11:07, 6 March 2006

Contents

AccessData

Offers toolkits for forensics, password recovery, registry viewing, and distributing the password recovery over a collection of machines.


website

Features

File Systems Understood

The Forensics Toolkit Imager can read:

  • All FAT.
  • NTFS
  • Ext2 and Ext3
  • HFS
  • HPFS
  • CDFS
  • DVD
  • Locked systems like SAM/SYSTEM)

(See imager notes)

Image File Formats

  • Encase
  • SMART
  • Snapback
  • Safeback
  • DD

File Search Facilities

  • "View over 270 different file formats"

Historical Reconstruction

Can it build timelines and search by creation date?

Searching Abilities

Can it search? Does it build an index? Can it focus on file types or particular kinds of metadata?

Hash Databases

Uses MD5 and SHA1.

Evidence Collection Features

Can it sign files? Does it keep an audit log?

History

Originally written in (YEAR), it has now developed into a Forensic Edition and an Enterprise Edition.

License Notes

Is it commercial or open source? Are there other licensing options?

External Links

website

External Reviews