Archives For August 2010

84 pages on forensics super-timelining -> http://bit.ly/drh1XH. Nice work, Kristinn! #forensics
@chadtilbury (Chad Tilbury)

Note: This post originally appeared on the SANS Forensics blog

Welcome to part two of my FTK v3 review. If you have not read the first post, it can be found here. Forensic suites are notoriously difficult to review because of the sheer number of features they include. We are lucky within the computer forensic community to have multiple vendors operating in a highly competitive environment. As such, the core forensic suites continue to add functionality. I have chosen to highlight a few of the new(er) features within Access Data’s Forensic Toolkit (FTK). I interact with a lot of folks who are building forensic capabilities within their organizations, often with a limited budget. With the new additions to FTK, I find myself recommending it more and more. For the typical forensic shop it really does have a lot of bang for the buck. Here are two additional “value-adds” that I didn’t have room to cover in my first post:


Note: This post originally appeared on the SANS Forensics blog

When it comes to computer forensic tools, I consider myself to be somewhat of a late adopter. I love to play with the latest tool release, but when it comes to what I’m actually going to use in my lab, I prefer to have a mature product. It takes too much time to test and validate tools to waste time on buggy or incomplete versions. So, I finally made the jump (back) to Access Data’s Forensic Toolkit (FTK) in its 3.1 version. Like many forensic professionals I know, I sat out the “lost generation” of FTK v2. However, if you haven’t taken a look recently, version 3 will likely surprise you.

I don’t expect tool suites to solve all of my forensic problems, but I do appreciate the breadth of capabilities they can provide in one package. FTK v3 excels at facilitating keyword searches, graphics review, email archive parsing, compound file extraction, and has an excellent collection of built-in file viewers. I have neither the blog space nor the energy to go into each of these, but I would put FTK at the top of my tool list for any of these activities. However, I would like to cover a few of the new or updated features I have found useful.
