An Integrated Computer Forensics Solution
- Create images, analyze the registry, conduct an investigation, decrypt files, crack passwords, identify steganography, and build a report all with a single solution.
- Recover passwords from 100+ applications; harness idle CPUs across the network to decrypt files and perform robust dictionary attacks.
- KFF hash library with 45 million hashes.
- Supports the largest, most complex datasets.
- Never lose work due to a crash, because the FTK components are compartmentalized. (Example: If the GUI crashes, the Workers continue to process data.)
- Ability to back up and archive cases.
- Every copy of FTK 3 includes a total of 4 Workers to enable distributed processing – 1 on the examiner machine and 3 distributed. Coming soon!
- The solution easily expands to incorporate Lab capabilities, such as unlimited distributed processing, collaborative analysis, central case/task management and web review. This is of particular value to law enforcement and government computer forensic labs.
Powerful Processing and Speed
- The GUI is 10 times more responsive.
- Distributed processing allows you to leverage up to 3 additional computers to dramatically reduce processing time and tackle massive data sets. Coming soon!
- True multi-processor and multi-threading support that takes advantage of hardware advancements.
- Wizard-driven processing ensures no data is missed.
- Pre- and post-processing refinement allows you to control how images are processed.
- Cancel/Pause/Resume functionality
- Better real-time processing status
- CPU resource throttling
- New email notification upon processing completion
- Advanced data carving engine allows you to carve allocated and unallocated data and specify criteria, such as file size, data type and pixel size to reduce the amount of irrelevant data carved while increasing overall thoroughness.
- Optimized dtSearch integration delivers fast indexing and fast search results.
The Most Advanced Analytics
- RAM Dump Analysis
- Powerful index search engine and a proper full-feature regular expression engine for binary searches.
- Enumerate all running processes, including those hidden by rootkits, and display associated DLLs, network sockets and handles in context, from 32-bit Windows machines.
- For each process it will display: Name | Path | Start Time | Working Directory | Command Line | ProcessID | ParentID | MD5 | SHA1 | Fuzzy Hash | Size | Windows Title
- For each DLL: Name | Path | Process Name | ProcessID | ParentID
- For Network Socket: Port | Protocol | Local Address | Remote Address | Remote Port | Process Name | ProcessID
- For Open Handles: Handle Type | Path | Access Mask | ProcessID
- Dump a process and associated DLLs for further analysis in third-party tools.
- Memory string search allows you to identify hits in memory and automatically map them back to a given process, DLL or piece of unallocated and dump the corresponding item. Coming soon!
- Process RAM captures for additional forensic artifacts, such as passwords, html pages, .lnk files and MS Office documents.
- Broad file system, compound file and email support.
- Supports popular encryption technologies, such as Credant, SafeBoot, Utimaco, EFS, PGP and Guardian Edge.
- Currently supported email types are: Notes NSF, Outlook PST/OST, Exchange EDB, Outlook Express DBX, Eudora, EML (Microsoft Internet Mail, Earthlink, Thunderbird, Quickmail, etc.), Netscape, AOL and RFC 833
- Automatically identify potentially pornographic images, using LTU technologies’ image analysis tool as an add-on.
- Comprehensive Mac support
- Process B-Trees attributes for metadata
- PLIST support
- SQLite database support
- Apple DMG and DD_DMG disk image support
- Crack Sparse Images or Sparse Bundles
- JSON file support
Preview, Acquisition and Analysis of LIVE DATA
- Perform network-based, secure, single-system forensic acquisition of physical devices, logical volumes and RAM.
- Secure Remote Device Mounting
- The agent is easy to deploy.
- Doesn’t require a cumbersome installation and authentication process.
Intuitive Interface and Rich Functionality
- Easy-to-understand and easy-to-use GUI with pre-defined and customizable data views, advanced filtering, dockable windows and automated data categorization.
- Multiple data views allow users to analyze files in a number of different ways, such as native, hex, text and filtered.
- Full Unicode and Code Page support.
- Create detailed reports and output them into native format, HTML, PDF, XML, RTF, and more - with links back to the original evidence.
- Define Registry Supplemental Reports (RSR) During Pre-processing or Additional Analysis:
- Clear reporting on what files could not be processed or indexed with the Processing Exception/Case Info report.
- Create a CSV of the processed files that can be imported into Excel or a database application.
- Export MSGs for all supported email types.