Welcome!

News Feed Item

Advanced Forensic Technologies Uncover Lost and Hidden Evidence Faster Across Computing Devices

The big challenges digital investigators face is the time and effort required to sift through the sheer volume of case data across their devices. They use several third party solutions to handle specific tasks which add greater complexity and resources. AccessData, the leader in incident resolution technology, eliminates some of these challenges with the introduction of Forensic Toolkit (FTK) version 5.1 with native forensic investigative capability of Microsoft’s Volume Shadow Copy (VSC). This new platform allows for advanced integration and enhanced visibility into all digital elements and artifacts to ensure that evidence is not missed.

“With the increase in case work caused by the frequency and complexity of digital investigations, forensic examiners need an easy-to-use platform that enables a quicker path to evidence discovery," said Brian Karney, AccessData’s COO & President. “FTK’s VSC support allows investigators to easily identify and quickly examine ‘digital artifacts’ across different points in time, while leveraging all of the advanced features of FTK.”

Digital investigators using FTK can now quickly examine file system snapshots captured by Microsoft’s Volume Shadow Copy (VSC) technology. Unlike other solutions, FTK gives organizations access to VSC without the need for additional time-consuming manual processes or use of third party tools. This translates into a seamless, more efficient evidence-analysis process, thereby speeding the overall investigation.

"Volume Shadow Copies (VSCs) are extremely useful in digital forensics,” said Neil Broom, Laboratory Director of Technical Resource Center, an American Society of Crime Laboratory Directors (ASCLD) Accredited Lab. “Using VSCs, we have successfully proven that spoliations had been attempted on a hard drive through the use of anti-forensics tools (i.e. CCleaner). After CCleaner was run, the hard drive showed no evidence of the proprietary data we were looking for. After examining the VSCs, we were able to recover destroyed Registry files that proved the proprietary data had been accessed on that computer. The VSCs showed a ‘snapshot-in-time’ of when these files were active on the hard drive and when they were deleted.”

In addition to retrieving metadata for deleted files, VSC analysis with FTK provides a system point-in-time history that serves as a chronology of how documents, user activity, programs and other artifacts have changed over time. For example, this could reveal relevant evidence that resided in a document at some point in the past but was intentionally changed and would not be recoverable any other way – a major stumbling block in digital investigations.

Advanced Geolocation Visualization

FTK also includes evidence geomapping, a new data visualization feature, which allows investigators to see on a map the geographic location of evidence items containing geolocation information. This saves valuable time by providing a visual depiction of where digital activities and actions took place (a digital crime scene reconstruction) that may be used as irrefutable evidence in a case.

Other 5.1 features include:

  • Deeper integration with AccessData’s Password Recovery Toolkit®, industry-leading decryption technology; PRTK®. This integration allows users to right-click on an encrypted file and decrypt it on-the-fly. This option keeps investigators’ workflow simple and allows them to spend more time reviewing evidence instead of manually engaging in the file decryption process.
  • Improved organization of Internet Explorer® 9 Internet artifacts and web page reconstruction. This provides granular groupings of: IE Cache Entries, IE Cookies Entries, IE History Entries, IE Download Entries, and MSIE Recovery Data Entries as well as an integrated semantic keyword expansion capability to help examiners leverage additional keywords that may be related, specific, general or synonymous, enhancing search scope.
  • Support for Microsoft Resilient File System (MS ReFS) found in Windows 8 and Windows Server 2012.

To download FTK 5.1 or learn more about additional features included in the release, please visit www.accessdata.com

About Forensic Toolkit® (FTK®)

Given 5 stars several years running and a recommended designation from SC Magazine, AccessData's flagship product, Forensic Toolkit, has forged a category all its own by delivering a radically different architecture than other forensic tools, more advanced capabilities and a different approach to processing and analysis. The database-driven solution introduced distributed processing, integrated volatile data and memory analysis, the most comprehensive Apple® OS analysis of any other Windows-based forensics product and built-in decryption capabilities. FTK is truly an enterprise-class investigative platform, allowing examiners to remotely preview and acquire computers and handle massive volumes of data with unmatched speed and accuracy.

Additional Resources

FTK 5.1 What’s new? Video

Product Brochures, White Papers Case Studies and Additional Videos

About AccessData

AccessData Group makes the world’s most advanced and intuitive incident resolution solutions. AccessData technology delivers comprehensive, real-time insight, analysis, response and resolution of data incidents, including cyberthreats, insider threats, mobile and BYOD risk, GRC (Governance Risk & Compliance) and eDiscovery events, and overwhelming data variety and volume (i.e. “Big Data”). Over 130,000 users in law enforcement, government agencies, corporations and law firms around the world rely on AccessData software to protect them against the risks present in today’s environment of continuous compromise. http://accessdata.com.

More Stories By Business Wire

Copyright © 2009 Business Wire. All rights reserved. Republication or redistribution of Business Wire content is expressly prohibited without the prior written consent of Business Wire. Business Wire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

Latest Stories
No hype cycles or predictions of zillions of things here. IoT is big. You get it. You know your business and have great ideas for a business transformation strategy. What comes next? Time to make it happen. In his session at @ThingsExpo, Jay Mason, Associate Partner at M&S Consulting, presented a step-by-step plan to develop your technology implementation strategy. He discussed the evaluation of communication standards and IoT messaging protocols, data analytics considerations, edge-to-cloud tec...
Today we can collect lots and lots of performance data. We build beautiful dashboards and even have fancy query languages to access and transform the data. Still performance data is a secret language only a couple of people understand. The more business becomes digital the more stakeholders are interested in this data including how it relates to business. Some of these people have never used a monitoring tool before. They have a question on their mind like “How is my application doing” but no id...
Announcing Poland #DigitalTransformation Pavilion
Digital Transformation is much more than a buzzword. The radical shift to digital mechanisms for almost every process is evident across all industries and verticals. This is often especially true in financial services, where the legacy environment is many times unable to keep up with the rapidly shifting demands of the consumer. The constant pressure to provide complete, omnichannel delivery of customer-facing solutions to meet both regulatory and customer demands is putting enormous pressure on...
In his Opening Keynote at 21st Cloud Expo, John Considine, General Manager of IBM Cloud Infrastructure, led attendees through the exciting evolution of the cloud. He looked at this major disruption from the perspective of technology, business models, and what this means for enterprises of all sizes. John Considine is General Manager of Cloud Infrastructure Services at IBM. In that role he is responsible for leading IBM’s public cloud infrastructure including strategy, development, and offering m...
CloudEXPO | DXWorldEXPO are the world's most influential, independent events where Cloud Computing was coined and where technology buyers and vendors meet to experience and discuss the big picture of Digital Transformation and all of the strategies, tactics, and tools they need to realize their goals. Sponsors of DXWorldEXPO | CloudEXPO benefit from unmatched branding, profile building and lead generation opportunities.
DXWorldEXPO LLC announced today that All in Mobile, a mobile app development company from Poland, will exhibit at the 22nd International CloudEXPO | DXWorldEXPO. All In Mobile is a mobile app development company from Poland. Since 2014, they maintain passion for developing mobile applications for enterprises and startups worldwide.
For far too long technology teams have lived in siloes. Not only physical siloes, but cultural siloes pushed by competing objectives. This includes informational siloes where business users require one set of data and tech teams require different data. DevOps intends to bridge these gaps to make tech driven operations more aligned and efficient.
The best way to leverage your CloudEXPO | DXWorldEXPO presence as a sponsor and exhibitor is to plan your news announcements around our events. The press covering CloudEXPO | DXWorldEXPO will have access to these releases and will amplify your news announcements. More than two dozen Cloud companies either set deals at our shows or have announced their mergers and acquisitions at CloudEXPO. Product announcements during our show provide your company with the most reach through our targeted audienc...
@DevOpsSummit at Cloud Expo, taking place November 12-13 in New York City, NY, is co-located with 22nd international CloudEXPO | first international DXWorldEXPO and will feature technical sessions from a rock star conference faculty and the leading industry players in the world.
Everything run by electricity will eventually be connected to the Internet. Get ahead of the Internet of Things revolution. In his session at @ThingsExpo, Akvelon expert and IoT industry leader Sergey Grebnov provided an educational dive into the world of managing your home, workplace and all the devices they contain with the power of machine-based AI and intelligent Bot services for a completely streamlined experience.
DXWorldEXPO | CloudEXPO are the world's most influential, independent events where Cloud Computing was coined and where technology buyers and vendors meet to experience and discuss the big picture of Digital Transformation and all of the strategies, tactics, and tools they need to realize their goals. Sponsors of DXWorldEXPO | CloudEXPO benefit from unmatched branding, profile building and lead generation opportunities.
With 10 simultaneous tracks, keynotes, general sessions and targeted breakout classes, @CloudEXPO and DXWorldEXPO are two of the most important technology events of the year. Since its launch over eight years ago, @CloudEXPO and DXWorldEXPO have presented a rock star faculty as well as showcased hundreds of sponsors and exhibitors!
22nd International Cloud Expo, taking place June 5-7, 2018, at the Javits Center in New York City, NY, and co-located with the 1st DXWorld Expo will feature technical sessions from a rock star conference faculty and the leading industry players in the world. Cloud computing is now being embraced by a majority of enterprises of all sizes. Yesterday's debate about public vs. private has transformed into the reality of hybrid cloud: a recent survey shows that 74% of enterprises have a hybrid cloud ...
HyperConvergence came to market with the objective of being simple, flexible and to help drive down operating expenses. It reduced the footprint by bundling the compute/storage/network into one box. This brought a new set of challenges as the HyperConverged vendors are very focused on their own proprietary building blocks. If you want to scale in a certain way, let's say you identified a need for more storage and want to add a device that is not sold by the HyperConverged vendor, forget about it...