Review: Forensic Toolkit v2.0

By

Forensic Toolkit (FTK) is one of the most full-featured sets of products. It includes a forensic imager utility, a registry viewer facility and the Distributed Network Attack, which aids password recovery with the password recovery toolkit.

For: Excellent all-round product
Against: Licence installation can be slightly confusing for first-time users
Verdict: Access Data's Forensic Toolkit 2.0 is a great product that is well put together and worth several times the price. Best Buy

Review: Forensic Toolkit v2.0
The earlier 1.7 version's primary screen was a grey with many buttons for performing different parts of a forensic investigation. Version 2.0 has a sleeker interface with a tab-based design, but still felt a bit cluttered, thanks to the different windows on each of the tabs that were opened by default.

The FTK Imager utility was able to create a forensic image of the 1GB drive in less than three minutes. The import into the FTK interface took 30 minutes. A new feature allows the investigator to work with the data while it is being imported into the program.

FTK was able to discover the deleted executable, directory and file and could even reconstruct the deleted picture. It detected the password-protected zip file and showed the file contents, but could not open the zip without the password-recovery toolkit.

FTK also found the password-protected Microsoft Word file, but did not spot the steganographed files. The solution includes data-carving features that allow the drive's slack space to be searched for file fragments. The only problems were that the application would crash with large email investigations and only recognised VMWare disk files as flat files and not virtual file systems.

The installation was simple and complex at the same time. The software went in as part of an auto-run utility and the interface for installation was very well laid out. The tricky part was trying to get the licence dongle recognised.

It took several attempts to get the driver installed correctly as the XP OS would recognise the licence fob as a flash drive. Once the driver was set up it was necessary to contact the Access Data server to get the correct licences set up on the fob. This required a call to tech support.

The help file for FTK is the best we have ever seen. It walks you through using the utility with such detail you can learn the tool inside out from the manual.

The pricing for FTK is US$2,995, which is at the low end of the price spectrum, making this an excellent value
Got a news tip for our journalists? Share it with us anonymously here.
Tags:
forensicsecuritytoolkit

Sponsored Whitepapers

Modern Identity for SAP and Beyond: Replace SAP IDM with Saviynt
Modern Identity for SAP and Beyond: Replace SAP IDM with Saviynt
Saviynt Simplifies GRC and Access Control for SAP and Beyond
Saviynt Simplifies GRC and Access Control for SAP and Beyond
Futureproof Your Business with Datacom and AMD: Seamless Windows 11 Transition
Futureproof Your Business with Datacom and AMD: Seamless Windows 11 Transition
See everything. Do more.
See everything. Do more.
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra

Events

Most Read Articles

CBA looks to GenAI to assist 1200 'security champions'

CBA looks to GenAI to assist 1200 'security champions'
NSW Police to embark on $126m IT overhaul

NSW Police to embark on $126m IT overhaul
Australia's super funds told to assess authentication controls

Australia's super funds told to assess authentication controls
Woolworths' CSO is Optus-bound

Woolworths' CSO is Optus-bound
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?