Welcome!

News Feed Item

Advanced Forensic Technologies Uncover Lost and Hidden Evidence Faster Across Computing Devices

The big challenges digital investigators face is the time and effort required to sift through the sheer volume of case data across their devices. They use several third party solutions to handle specific tasks which add greater complexity and resources. AccessData, the leader in incident resolution technology, eliminates some of these challenges with the introduction of Forensic Toolkit (FTK) version 5.1 with native forensic investigative capability of Microsoft’s Volume Shadow Copy (VSC). This new platform allows for advanced integration and enhanced visibility into all digital elements and artifacts to ensure that evidence is not missed.

“With the increase in case work caused by the frequency and complexity of digital investigations, forensic examiners need an easy-to-use platform that enables a quicker path to evidence discovery," said Brian Karney, AccessData’s COO & President. “FTK’s VSC support allows investigators to easily identify and quickly examine ‘digital artifacts’ across different points in time, while leveraging all of the advanced features of FTK.”

Digital investigators using FTK can now quickly examine file system snapshots captured by Microsoft’s Volume Shadow Copy (VSC) technology. Unlike other solutions, FTK gives organizations access to VSC without the need for additional time-consuming manual processes or use of third party tools. This translates into a seamless, more efficient evidence-analysis process, thereby speeding the overall investigation.

"Volume Shadow Copies (VSCs) are extremely useful in digital forensics,” said Neil Broom, Laboratory Director of Technical Resource Center, an American Society of Crime Laboratory Directors (ASCLD) Accredited Lab. “Using VSCs, we have successfully proven that spoliations had been attempted on a hard drive through the use of anti-forensics tools (i.e. CCleaner). After CCleaner was run, the hard drive showed no evidence of the proprietary data we were looking for. After examining the VSCs, we were able to recover destroyed Registry files that proved the proprietary data had been accessed on that computer. The VSCs showed a ‘snapshot-in-time’ of when these files were active on the hard drive and when they were deleted.”

In addition to retrieving metadata for deleted files, VSC analysis with FTK provides a system point-in-time history that serves as a chronology of how documents, user activity, programs and other artifacts have changed over time. For example, this could reveal relevant evidence that resided in a document at some point in the past but was intentionally changed and would not be recoverable any other way – a major stumbling block in digital investigations.

Advanced Geolocation Visualization

FTK also includes evidence geomapping, a new data visualization feature, which allows investigators to see on a map the geographic location of evidence items containing geolocation information. This saves valuable time by providing a visual depiction of where digital activities and actions took place (a digital crime scene reconstruction) that may be used as irrefutable evidence in a case.

Other 5.1 features include:

  • Deeper integration with AccessData’s Password Recovery Toolkit®, industry-leading decryption technology; PRTK®. This integration allows users to right-click on an encrypted file and decrypt it on-the-fly. This option keeps investigators’ workflow simple and allows them to spend more time reviewing evidence instead of manually engaging in the file decryption process.
  • Improved organization of Internet Explorer® 9 Internet artifacts and web page reconstruction. This provides granular groupings of: IE Cache Entries, IE Cookies Entries, IE History Entries, IE Download Entries, and MSIE Recovery Data Entries as well as an integrated semantic keyword expansion capability to help examiners leverage additional keywords that may be related, specific, general or synonymous, enhancing search scope.
  • Support for Microsoft Resilient File System (MS ReFS) found in Windows 8 and Windows Server 2012.

To download FTK 5.1 or learn more about additional features included in the release, please visit www.accessdata.com

About Forensic Toolkit® (FTK®)

Given 5 stars several years running and a recommended designation from SC Magazine, AccessData's flagship product, Forensic Toolkit, has forged a category all its own by delivering a radically different architecture than other forensic tools, more advanced capabilities and a different approach to processing and analysis. The database-driven solution introduced distributed processing, integrated volatile data and memory analysis, the most comprehensive Apple® OS analysis of any other Windows-based forensics product and built-in decryption capabilities. FTK is truly an enterprise-class investigative platform, allowing examiners to remotely preview and acquire computers and handle massive volumes of data with unmatched speed and accuracy.

Additional Resources

FTK 5.1 What’s new? Video

Product Brochures, White Papers Case Studies and Additional Videos

About AccessData

AccessData Group makes the world’s most advanced and intuitive incident resolution solutions. AccessData technology delivers comprehensive, real-time insight, analysis, response and resolution of data incidents, including cyberthreats, insider threats, mobile and BYOD risk, GRC (Governance Risk & Compliance) and eDiscovery events, and overwhelming data variety and volume (i.e. “Big Data”). Over 130,000 users in law enforcement, government agencies, corporations and law firms around the world rely on AccessData software to protect them against the risks present in today’s environment of continuous compromise. http://accessdata.com.

More Stories By Business Wire

Copyright © 2009 Business Wire. All rights reserved. Republication or redistribution of Business Wire content is expressly prohibited without the prior written consent of Business Wire. Business Wire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

Latest Stories
Get deep visibility into the performance of your databases and expert advice for performance optimization and tuning. You can't get application performance without database performance. Give everyone on the team a comprehensive view of how every aspect of the system affects performance across SQL database operations, host server and OS, virtualization resources and storage I/O. Quickly find bottlenecks and troubleshoot complex problems.
"Dice has been around for the last 20 years. We have been helping tech professionals find new jobs and career opportunities," explained Manish Dixit, VP of Product and Engineering at Dice, in this SYS-CON.tv interview at 19th Cloud Expo, held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA.
An IoT product’s log files speak volumes about what’s happening with your products in the field, pinpointing current and potential issues, and enabling you to predict failures and save millions of dollars in inventory. But until recently, no one knew how to listen. In his session at @ThingsExpo, Dan Gettens, Chief Research Officer at OnProcess, discussed recent research by Massachusetts Institute of Technology and OnProcess Technology, where MIT created a new, breakthrough analytics model for ...
Internet of @ThingsExpo has announced today that Chris Matthieu has been named tech chair of Internet of @ThingsExpo 2017 New York The 7th Internet of @ThingsExpo will take place on June 6-8, 2017, at the Javits Center in New York City, New York. Chris Matthieu is the co-founder and CTO of Octoblu, a revolutionary real-time IoT platform recently acquired by Citrix. Octoblu connects things, systems, people and clouds to a global mesh network allowing users to automate and control design flo...
SYS-CON Events has announced today that Roger Strukhoff has been named conference chair of Cloud Expo and @ThingsExpo 2017 New York. The 20th Cloud Expo and 7th @ThingsExpo will take place on June 6-8, 2017, at the Javits Center in New York City, NY. "The Internet of Things brings trillions of dollars of opportunity to developers and enterprise IT, no matter how you measure it," stated Roger Strukhoff. "More importantly, it leverages the power of devices and the Internet to enable us all to im...
Rapid innovation, changing business landscapes, and new IT demands force businesses to make changes quickly. In the eyes of many, containers are at the brink of becoming a pervasive technology in enterprise IT to accelerate application delivery. In this presentation, attendees learned about the: The transformation of IT to a DevOps, microservices, and container-based architecture What are containers and how DevOps practices can operate in a container-based environment A demonstration of how ...
"At ROHA we develop an app called Catcha. It was developed after we spent a year meeting with, talking to, interacting with senior citizens watching them use their smartphones and talking to them about how they use their smartphones so we could get to know their smartphone behavior," explained Dave Woods, Chief Innovation Officer at ROHA, in this SYS-CON.tv interview at 19th Cloud Expo, held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA.
DevOps is being widely accepted (if not fully adopted) as essential in enterprise IT. But as Enterprise DevOps gains maturity, expands scope, and increases velocity, the need for data-driven decisions across teams becomes more acute. DevOps teams in any modern business must wrangle the ‘digital exhaust’ from the delivery toolchain, "pervasive" and "cognitive" computing, APIs and services, mobile devices and applications, the Internet of Things, and now even blockchain. In this power panel at @...
"Venafi has a platform that allows you to manage, centralize and automate the complete life cycle of keys and certificates within the organization," explained Gina Osmond, Sr. Field Marketing Manager at Venafi, in this SYS-CON.tv interview at DevOps at 19th Cloud Expo, held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA.
Effectively SMBs and government programs must address compounded regulatory compliance requirements. The most recent are Controlled Unclassified Information and the EU's GDPR have Board Level implications. Managing sensitive data protection will likely result in acquisition criteria, demonstration requests and new requirements. Developers, as part of the pre-planning process and the associated supply chain, could benefit from updating their code libraries and design by incorporating changes. In...
"ReadyTalk is an audio and web video conferencing provider. We've really come to embrace WebRTC as the platform for our future of technology," explained Dan Cunningham, CTO of ReadyTalk, in this SYS-CON.tv interview at WebRTC Summit at 19th Cloud Expo, held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA.
Financial Technology has become a topic of intense interest throughout the cloud developer and enterprise IT communities. Accordingly, attendees at the upcoming 20th Cloud Expo at the Javits Center in New York, June 6-8, 2017, will find fresh new content in a new track called FinTech.
Whether your IoT service is connecting cars, homes, appliances, wearable, cameras or other devices, one question hangs in the balance – how do you actually make money from this service? The ability to turn your IoT service into profit requires the ability to create a monetization strategy that is flexible, scalable and working for you in real-time. It must be a transparent, smoothly implemented strategy that all stakeholders – from customers to the board – will be able to understand and comprehe...
Keeping pace with advancements in software delivery processes and tooling is taxing even for the most proficient organizations. Point tools, platforms, open source and the increasing adoption of private and public cloud services requires strong engineering rigor – all in the face of developer demands to use the tools of choice. As Agile has settled in as a mainstream practice, now DevOps has emerged as the next wave to improve software delivery speed and output. To make DevOps work, organization...
"Qosmos has launched L7Viewer, a network traffic analysis tool, so it analyzes all the traffic between the virtual machine and the data center and the virtual machine and the external world," stated Sebastien Synold, Product Line Manager at Qosmos, in this SYS-CON.tv interview at 19th Cloud Expo, held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA.