Offers toolkits for forensics, password recovery, registry viewing, and distributing the password recovery over a collection of machines.
File Systems Understood
The Forensics Toolkit Imager can read:
- All FAT.
- Ext2 and Ext3
- Locked systems like SAM/SYSTEM)
(See imager notes)
Image File Formats
File Search Facilities
- "View over 270 different file formats"
- Email search of Outlook, Outlook Express, AOL, Netscape, YAhoo, Earthlink, Eudora, Hotbal and others.
- Registry Viewer
Can it build timelines and search by creation date?
Can it search? Does it build an index? Can it focus on file types or particular kinds of metadata?
- Uses MD5 and SHA1.
- Uses hash databases from NIST and Hashkeeper.
- Create custom hashsets. ("Coming soon.")
Evidence Collection Features
Can it sign files? Does it keep an audit log?
Originally written in (YEAR), it has now developed into a Forensic Edition and an Enterprise Edition.
Is it commercial or open source? Are there other licensing options?