Welcome!

News Feed Item

Advanced Forensic Technologies Uncover Lost and Hidden Evidence Faster Across Computing Devices

The big challenges digital investigators face is the time and effort required to sift through the sheer volume of case data across their devices. They use several third party solutions to handle specific tasks which add greater complexity and resources. AccessData, the leader in incident resolution technology, eliminates some of these challenges with the introduction of Forensic Toolkit (FTK) version 5.1 with native forensic investigative capability of Microsoft’s Volume Shadow Copy (VSC). This new platform allows for advanced integration and enhanced visibility into all digital elements and artifacts to ensure that evidence is not missed.

“With the increase in case work caused by the frequency and complexity of digital investigations, forensic examiners need an easy-to-use platform that enables a quicker path to evidence discovery," said Brian Karney, AccessData’s COO & President. “FTK’s VSC support allows investigators to easily identify and quickly examine ‘digital artifacts’ across different points in time, while leveraging all of the advanced features of FTK.”

Digital investigators using FTK can now quickly examine file system snapshots captured by Microsoft’s Volume Shadow Copy (VSC) technology. Unlike other solutions, FTK gives organizations access to VSC without the need for additional time-consuming manual processes or use of third party tools. This translates into a seamless, more efficient evidence-analysis process, thereby speeding the overall investigation.

"Volume Shadow Copies (VSCs) are extremely useful in digital forensics,” said Neil Broom, Laboratory Director of Technical Resource Center, an American Society of Crime Laboratory Directors (ASCLD) Accredited Lab. “Using VSCs, we have successfully proven that spoliations had been attempted on a hard drive through the use of anti-forensics tools (i.e. CCleaner). After CCleaner was run, the hard drive showed no evidence of the proprietary data we were looking for. After examining the VSCs, we were able to recover destroyed Registry files that proved the proprietary data had been accessed on that computer. The VSCs showed a ‘snapshot-in-time’ of when these files were active on the hard drive and when they were deleted.”

In addition to retrieving metadata for deleted files, VSC analysis with FTK provides a system point-in-time history that serves as a chronology of how documents, user activity, programs and other artifacts have changed over time. For example, this could reveal relevant evidence that resided in a document at some point in the past but was intentionally changed and would not be recoverable any other way – a major stumbling block in digital investigations.

Advanced Geolocation Visualization

FTK also includes evidence geomapping, a new data visualization feature, which allows investigators to see on a map the geographic location of evidence items containing geolocation information. This saves valuable time by providing a visual depiction of where digital activities and actions took place (a digital crime scene reconstruction) that may be used as irrefutable evidence in a case.

Other 5.1 features include:

  • Deeper integration with AccessData’s Password Recovery Toolkit®, industry-leading decryption technology; PRTK®. This integration allows users to right-click on an encrypted file and decrypt it on-the-fly. This option keeps investigators’ workflow simple and allows them to spend more time reviewing evidence instead of manually engaging in the file decryption process.
  • Improved organization of Internet Explorer® 9 Internet artifacts and web page reconstruction. This provides granular groupings of: IE Cache Entries, IE Cookies Entries, IE History Entries, IE Download Entries, and MSIE Recovery Data Entries as well as an integrated semantic keyword expansion capability to help examiners leverage additional keywords that may be related, specific, general or synonymous, enhancing search scope.
  • Support for Microsoft Resilient File System (MS ReFS) found in Windows 8 and Windows Server 2012.

To download FTK 5.1 or learn more about additional features included in the release, please visit www.accessdata.com

About Forensic Toolkit® (FTK®)

Given 5 stars several years running and a recommended designation from SC Magazine, AccessData's flagship product, Forensic Toolkit, has forged a category all its own by delivering a radically different architecture than other forensic tools, more advanced capabilities and a different approach to processing and analysis. The database-driven solution introduced distributed processing, integrated volatile data and memory analysis, the most comprehensive Apple® OS analysis of any other Windows-based forensics product and built-in decryption capabilities. FTK is truly an enterprise-class investigative platform, allowing examiners to remotely preview and acquire computers and handle massive volumes of data with unmatched speed and accuracy.

Additional Resources

FTK 5.1 What’s new? Video

Product Brochures, White Papers Case Studies and Additional Videos

About AccessData

AccessData Group makes the world’s most advanced and intuitive incident resolution solutions. AccessData technology delivers comprehensive, real-time insight, analysis, response and resolution of data incidents, including cyberthreats, insider threats, mobile and BYOD risk, GRC (Governance Risk & Compliance) and eDiscovery events, and overwhelming data variety and volume (i.e. “Big Data”). Over 130,000 users in law enforcement, government agencies, corporations and law firms around the world rely on AccessData software to protect them against the risks present in today’s environment of continuous compromise. http://accessdata.com.

More Stories By Business Wire

Copyright © 2009 Business Wire. All rights reserved. Republication or redistribution of Business Wire content is expressly prohibited without the prior written consent of Business Wire. Business Wire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

Latest Stories
The explosion of new web/cloud/IoT-based applications and the data they generate are transforming our world right before our eyes. In this rush to adopt these new technologies, organizations are often ignoring fundamental questions concerning who owns the data and failing to ask for permission to conduct invasive surveillance of their customers. Organizations that are not transparent about how their systems gather data telemetry without offering shared data ownership risk product rejection, regu...
Building a cross-cloud operational model can be a daunting task. Per-cloud silos are not the answer, but neither is a fully generic abstraction plane that strips out capabilities unique to a particular provider. In his session at 20th Cloud Expo, Chris Wolf, VP & Chief Technology Officer, Global Field & Industry at VMware, will discuss how successful organizations approach cloud operations and management, with insights into where operations should be centralized and when it’s best to decentraliz...
The 20th International Cloud Expo has announced that its Call for Papers is open. Cloud Expo, to be held June 6-8, 2017, at the Javits Center in New York City, brings together Cloud Computing, Big Data, Internet of Things, DevOps, Containers, Microservices and WebRTC to one location. With cloud computing driving a higher percentage of enterprise IT budgets every year, it becomes increasingly important to plant your flag in this fast-expanding business opportunity. Submit your speaking proposal ...
“DevOps is really about the business. The business is under pressure today, competitively in the marketplace to respond to the expectations of the customer. The business is driving IT and the problem is that IT isn't responding fast enough," explained Mark Levy, Senior Product Marketing Manager at Serena Software, in this SYS-CON.tv interview at DevOps Summit, held Nov 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA.
@DevOpsSummit at Cloud taking place June 6-8, 2017, at Javits Center, New York City, is co-located with the 20th International Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. The widespread success of cloud computing is driving the DevOps revolution in enterprise IT. Now as never before, development teams must communicate and collaborate in a dynamic, 24/7/365 environment. There is no time to wait for long developm...
Grape Up is a software company, specialized in cloud native application development and professional services related to Cloud Foundry PaaS. With five expert teams that operate in various sectors of the market across the USA and Europe, we work with a variety of customers from emerging startups to Fortune 1000 companies.
Financial Technology has become a topic of intense interest throughout the cloud developer and enterprise IT communities. Accordingly, attendees at the upcoming 20th Cloud Expo at the Javits Center in New York, June 6-8, 2017, will find fresh new content in a new track called FinTech.
@GonzalezCarmen has been ranked the Number One Influencer and @ThingsExpo has been named the Number One Brand in the “M2M 2016: Top 100 Influencers and Brands” by Analytic. Onalytica analyzed tweets over the last 6 months mentioning the keywords M2M OR “Machine to Machine.” They then identified the top 100 most influential brands and individuals leading the discussion on Twitter.
Cloud Expo, Inc. has announced today that Aruna Ravichandran, vice president of DevOps Product and Solutions Marketing at CA Technologies, has been named co-conference chair of DevOps at Cloud Expo 2017. The @DevOpsSummit at Cloud Expo New York will take place on June 6-8, 2017, at the Javits Center in New York City, New York, and @DevOpsSummit at Cloud Expo Silicon Valley will take place Oct. 31-Nov. 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA.
Cognitive Computing is becoming the foundation for a new generation of solutions that have the potential to transform business. Unlike traditional approaches to building solutions, a cognitive computing approach allows the data to help determine the way applications are designed. This contrasts with conventional software development that begins with defining logic based on the current way a business operates. In her session at 18th Cloud Expo, Judith S. Hurwitz, President and CEO of Hurwitz & ...
In his keynote at @ThingsExpo, Chris Matthieu, Director of IoT Engineering at Citrix and co-founder and CTO of Octoblu, focused on building an IoT platform and company. He provided a behind-the-scenes look at Octoblu’s platform, business, and pivots along the way (including the Citrix acquisition of Octoblu).
SYS-CON Events announced today that Interoute, owner-operator of one of Europe's largest networks and a global cloud services platform, has been named “Bronze Sponsor” of SYS-CON's 20th Cloud Expo, which will take place on June 6-8, 2017 at the Javits Center in New York, New York. Interoute is the owner-operator of one of Europe's largest networks and a global cloud services platform which encompasses 12 data centers, 14 virtual data centers and 31 colocation centers, with connections to 195 add...
With billions of sensors deployed worldwide, the amount of machine-generated data will soon exceed what our networks can handle. But consumers and businesses will expect seamless experiences and real-time responsiveness. What does this mean for IoT devices and the infrastructure that supports them? More of the data will need to be handled at - or closer to - the devices themselves.
Translating agile methodology into real-world best practices within the modern software factory has driven widespread DevOps adoption, yet much work remains to expand workflows and tooling across the enterprise. As models evolve from pockets of experimentation into wholescale organizational reinvention, practitioners find themselves challenged to incorporate the culture and architecture necessary to support DevOps at scale. In his session at @DevOpsSummit at 20th Cloud Expo, Anand Akela, Senior...
Join IBM November 2 at 19th Cloud Expo at the Santa Clara Convention Center in Santa Clara, CA, and learn how to go beyond multi-speed it to bring agility to traditional enterprise applications. Technology innovation is the driving force behind modern business and enterprises must respond by increasing the speed and efficiency of software delivery. The challenge is that existing enterprise applications are expensive to develop and difficult to modernize. This often results in what Gartner calls ...