Today, 24th August 2009, is the preview day for FTK 3.0.
Could this be the long awaited FTK product that FTK 2 should have been?
Several months ago a determined attempt was made by this author to get FTK 2.x working this failed. A few weeks ago another attempt was made to get FTK 2 working. This also failed, until AccessData’s technical support was called
The support from AccessData was superb: However it did take several hours, of continual assistance on the phone, to get FTK almost working. After a day or so FTK 2 was running. But the penalty was huge, and involved writing off two complete days to get FTK 2 running on a single machine (as well as the previously time wasted). The time penalty was so huge that FTK 2.x was not installed on any other machines as the time penalty was just too great.
Because FTK could not effectively (i.e. in realistic time scales) be installed on multiple machines in the same lab, its not currently being used by this author.
AccessData has had all the pieces in place to create a top of the range tool for a very long time, they have had indexing, file carving, reporting, a fantastic imaging tool and a brilliant registry viewer; one which knocks the spots of EnCase. They just can’t put them together [This is not strictly fair as FTK 1.x was also a great product but limited by its age]
AccessData let the market down by the FTK 2, however the company has moved on since then, new staff, new products, new outlook, and a revamped qualification.
The market were quite rightly angry at AccessData for the farce that was the FTK 2.0 release, but the anger was probably only so high as because people wanted so much from the new tool and had waited so long in so much anticipation.
The FTK 3 will be a different release. People are not as hopeful as they were with FTK 2, expectations are lower. This means that AccessData can’t fall as far.
In fact if FTK 3 works and can be installed easily people will probably be quietly happy. If, and its a big if, it can deliver what it says it can, it will be great tool.
Below is the marketing spiel about FTK 3
AccessData has announced the preview of Forensic Toolkit® 3.0 (FTK®) which will be demonstrated at HTCIA International on August 24th in Lake Tahoe, California. Below are just a few highlights of the FTK 3.0 release…
Reengineered for Improved Performance:
* UI Performance: The FTK GUI is 10 times more responsive across the board, even on machines with only 4GB of RAM.
* Indexing: Indexes quickly and search results populate fast, even with large result sets.
* Distributed Processing: Every copy of FTK 3 comes with 4 workers, allowing you to leverage CPU resources from up to 4 computers (3 distributed workers and 1 worker on the main FTK examiner system).
Compelling New Capabilities:
* RAM Analysis: Enumerate all running processes from 32-bit machines, search memory strings, and process RAM captures for passwords, html pages, lnk files and MS Office documents.
* Mac Analysis: Many new capabilities, such as processing B-Trees attributes for metadata, decrypting Sparse Images or Sparse Bundles, PLIST support, SQLite support and more.
* Pornographic Image Identification: Enables the automated detection and identification of pornographic images by analyzing visual features in the image to assess its actual visual content.
AccessData has pioneered digital investigations for twenty years, providing the technology and training that empower law enforcement, government agencies and corporations to perform computer investigations of any kind with speed and efficiency. Recognized throughout the world as an industry leader, AccessData delivers state-of-the-art computer forensic, network forensic, password cracking and decryption solutions. AccessData’s Forensic Toolkit® and enterprise investigative solutions enable examiners to search for, analyze and forensically preserve electronic evidence for the purposes of criminal investigations, internal investigations, incident response and eDiscovery. AccessData is also a leading provider of digital forensics training and certification with its much sought after AccessData Certified Examiners (ACE) program. For more information on AccessData visit http://www.accessdata.com.