Difference between revisions of "AccessData"
From Forensics Wiki
| Line 1: | Line 1: | ||
| − | |||
=AccessData= | =AccessData= | ||
| Line 34: | Line 33: | ||
* "View over 270 different file formats" | * "View over 270 different file formats" | ||
| + | * Email search of Outlook, Outlook Express, AOL, Netscape, YAhoo, Earthlink, Eudora, Hotbal and others. | ||
| + | * Registry Viewer | ||
==Historical Reconstruction== | ==Historical Reconstruction== | ||
Revision as of 11:08, 6 March 2006
Contents |
AccessData
Offers toolkits for forensics, password recovery, registry viewing, and distributing the password recovery over a collection of machines.
Features
File Systems Understood
The Forensics Toolkit Imager can read:
- All FAT.
- NTFS
- Ext2 and Ext3
- HFS
- HPFS
- CDFS
- DVD
- Locked systems like SAM/SYSTEM)
(See imager notes)
Image File Formats
- Encase
- SMART
- Snapback
- Safeback
- DD
File Search Facilities
- "View over 270 different file formats"
- Email search of Outlook, Outlook Express, AOL, Netscape, YAhoo, Earthlink, Eudora, Hotbal and others.
- Registry Viewer
Historical Reconstruction
Can it build timelines and search by creation date?
Searching Abilities
Can it search? Does it build an index? Can it focus on file types or particular kinds of metadata?
Hash Databases
Uses MD5 and SHA1.
Evidence Collection Features
Can it sign files? Does it keep an audit log?
History
Originally written in (YEAR), it has now developed into a Forensic Edition and an Enterprise Edition.
License Notes
Is it commercial or open source? Are there other licensing options?
