Difference between revisions of "Forensic Toolkit"

From ForensicsWiki
(Infobox and categories.)
(Merged with data that was on AccessData page)
Line 12: Line 12:
 
=Features=
 
=Features=
  
==File Systems Understood==
+
The Forensic toolkit can parse a number of filesystems, including [[FAT]] 12/16/32, [[NTFS]], NTFS Compressed, [[Ext2]], and [[Ext3]]. It can use image files created by [[Encase]], [[SMART]], [[Snapback]], some versions of [[Safeback]] and [[dd]].
  
* Outlook (PST)
+
The program allows users to search with keywords or take advantage of [[drive indexing]] using  the [[dtSearch]] algorithm.
* AOL
+
* Web based email like Yahoo and Hotmail
+
* Eudora
+
* MSN Mail
+
* [[NTFS]]
+
* [[FAT]]
+
* [[Ext2]], [[Ext3]]
+
* Compressed files with [[WinZip]], [[GZip]], [[Tar]] and others
+
  
==File Search Facilities==
+
== Data Reduction ==
  
* Lists allocated and unallocated files.
+
The Known File Filter, or KFF, can be used to eliminate or highlight known files using [[MD5]] hashes generated by user or from [[National Software Reference Library|NIST]] or [[Hashkeeper]].
* Sorts files by type.
+
* Searches for keywords and regular expressions.
+
  
==Historical Reconstruction==
+
== External Links ==
  
Can it build timelines and search by creation date?
+
[http://www.accessdata.com/catalog/partdetail.aspx?partno=11000 Forensic Toolkit information from AccessData]
 
+
==Searching Abilities==
+
 
+
* Can use basic keyword searching.
+
* Offers full-text indexing powered by [[dtSearch]].
+
* Search can be focused on "Internet text".
+
 
+
==Hash Databases==
+
 
+
* [[MD5]].
+
* Searches with "Known File Filter" ([[NIST]] and [[Hashkeeper]]).
+
 
+
==Evidence Collection Features==
+
 
+
Can it sign files? Does it keep an audit log?
+
 
+
=History=
+
 
+
==License Notes==
+
 
+
Is it commercial or open source? Are there other licensing options?
+
 
+
=External Links=
+
 
+
==External Reviews==
+
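Review bot: The e-mail format bullets (Outlook PST, AOL, Eudora, MSN Mail, web-based mail) and the compressed-file bullet (WinZip, GZip, Tar) in this hunk have no counterpart in the merged prose, which covers only file systems, image formats, dtSearch indexing and the KFF. Carry them into a sentence under Features or state in the edit summary why they are dropped. The KFF sentence links [[National Software Reference Library|NIST]] while the Hash Databases bullet links a bare [[NIST]], so pick one target. "generated by user" should read "generated by the user". The template questions ("Can it sign files? Does it keep an audit log?") should be answered or removed rather than left as body text.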

Revision as of 20:08, 26 February 2007

Forensic Toolkit (FTK)
Maintainer: AccessData
OS: Windows
Genre: Analysis
License: Commercial
Website: accessdata.com/products/ftk/

The Forensic Toolkit (FTK) is a commercial forensic software package distributed by AccessData.

Features

The Forensic Toolkit can parse a number of filesystems, including FAT 12/16/32, NTFS, NTFS Compressed, Ext2, and Ext3. It can read image files created by EnCase, SMART, SnapBack, some versions of SafeBack, and dd.

The program allows users to search with keywords or take advantage of drive indexing using the dtSearch algorithm.

Data Reduction

The Known File Filter (KFF) can be used to eliminate or highlight known files by matching MD5 hashes generated by the user or taken from NIST or HashKeeper.
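A sketch of the known-file filtering described above, as an added example that is not FTK's or AccessData's code: it loads MD5 values from a CSV in an NSRL RDS-style layout and sorts the files in a directory into three groups. The column names, the alert/ignore/unknown labels, and the sample files and hash rows are assumptions constructed for illustration.

```python
import csv
import hashlib
import io
import tempfile
from pathlib import Path

def load_md5_set(text):
    """Read a quoted CSV with an "MD5" column (assumed RDS-style layout) into a set."""
    return {row["MD5"].strip().lower() for row in csv.DictReader(io.StringIO(text))}

def md5_of(path, chunk=1 << 20):
    # MD5 is only a lookup key here. Collisions can be crafted, so an "ignore"
    # hit reduces the review set; it does not prove a file is benign.
    h = hashlib.md5(usedforsecurity=False)
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def triage(root, ignore_set, alert_set):
    """Sort every file under root into alert / ignore / unknown by MD5."""
    result = {"alert": [], "ignore": [], "unknown": []}
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file():
            continue
        digest = md5_of(path)
        # Alert wins when a hash is in both sets, so a flagged file is never hidden.
        status = "alert" if digest in alert_set else "ignore" if digest in ignore_set else "unknown"
        result[status].append(path.name)
    return result

def demo():
    # Constructed sample data: three small files and two one-row hash sets.
    files = {"notepad.exe": b"known OS file", "tool.bin": b"flagged tool", "memo.txt": b"case data"}
    def rds(name):
        md5 = hashlib.md5(files[name], usedforsecurity=False).hexdigest().upper()
        return '"SHA-1","MD5","CRC32","FileName"\n"","%s","","%s"\n' % (md5, name)
    with tempfile.TemporaryDirectory() as root:
        for name, data in files.items():
            Path(root, name).write_bytes(data)
        return triage(root, load_md5_set(rds("notepad.exe")), load_md5_set(rds("tool.bin")))

if __name__ == "__main__":
    print(demo())
```

Only the "unknown" group is left for manual review, which is the data reduction the filter provides.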

External Links

Forensic Toolkit information from AccessData: http://www.accessdata.com/catalog/partdetail.aspx?partno=11000