THE INDUSTRY-STANDARD COMPUTER FORENSICS SOFTWARE USED BY GOVERNMENT AGENCIES & LAW ENFORCEMENT AROUND THE WORLD
Forensic Toolkit® (FTK®) is recognized around the world as the standard in computer forensics software. This court-validated digital investigations platform delivers cutting-edge computer forensic analysis, decryption and password cracking software all within an intuitive and customizable interface. FTK 3 is built for speed, analytics and enterprise-class scalability. Known for its intuitive interface, email analysis, customizable data views and stability, FTK lays the framework for seamless expansion, so your computer forensics solution can grow with your organization’s needs. Forensic Toolkit 3 is now the most advanced computer forensics software available, providing functionality that normally only organizations with tens of thousands of dollars could afford. However, we are committed to making our technology available to all investigators and analysts, whether they are in law enforcement, education, a government agency, a Fortune 500 corporation, or performing digital investigations as a computer forensics service provider.
PRODUCT DETAILS:
AN INTEGRATED COMPUTER FORENSICS SOLUTION
Create images, analyze the registry, conduct an investigation, decrypt files, crack passwords, identify steganography, and build a report all with a single solution.
Recover passwords from 100+ applications; harness idle CPUs across the network to decrypt files and perform robust dictionary attacks.
KFF hash library with 45 million hashes.
ENTERPRISE-CLASS ARCHITECTURE
Supports large and complex datasets.
Never lose work due to a crash, because the FTK components are compartmentalized. (Example: If the GUI crashes, the Workers continue to process data.)
Ability to back up and archive cases.
Every copy of FTK 3 includes a total of 4 Workers to enable distributed processing – 1 on the examiner machine and 3 distributed.
NOTE: If you are interested in having multiple examiners share common workers and a central database, please contact your sales representative to inquire about AccessData Lab.
Distributed Processing requires powerful hardware and networking technology. Processing evidence is very disk I/O intensive and requires fast drives. In addition, the machine that runs the Processing Manager must have the fastest CPU in the processing group. Finally, for peak performance you will need the fastest networking technology available to you. For details on configuring distributed processing, please see the following documents:
The solution easily expands to incorporate Lab capabilities, such as the ability to leverage a centralized database infrastructure and shared distributed processing farm, as well as collaborative forensic analysis, central case/task management and Web review. This is of particular value to government and law enforcement computer forensics labs.
Distributed Processing allows you to leverage up to 3 additional computers to dramatically reduce processing time and tackle massive data sets.
True multi-processor and multi-threading support that takes advantage of hardware advancements.
Wizard-driven processing ensures no data is missed.
Cancel/Pause/Resume functionality
Enhanced real-time processing status
CPU resource throttling
New email notification upon processing completion
Pre- and post-processing refinement allows you to control how images are processed.
Advanced data carving engine allows you to carve allocated and unallocated data and specify criteria, such as file size, data type and pixel size to reduce the amount of irrelevant data carved while increasing overall thoroughness.
Optimized dtSearch integration delivers fast indexing and fast search results.
THE MOST ADVANCED ANALYTICS
The ONLY commercial computer forensics software product that supports both 32-bit and 64-bit Windows machines.
RAM Dump Analysis
Enumerate all running processes, including those hidden by rootkits, and display associated DLLs, network sockets and handles in context.
For each process it will display: Name | Path | Start Time | Working Directory | Command Line | ProcessID | ParentID | MD5 | SHA1 | Fuzzy Hash | Size | Windows Title
For each DLL: Name | Path | Process Name | ProcessID | ParentID
For Network Socket: Port | Protocol | Local Address | Remote Address | Remote Port | Process Name | ProcessID
For Open Handles: Handle Type | Path | Access Mask | ProcessID
Dump a process and associated DLLs for further analysis in third-party tools.
Memory string search allows you to identify hits in memory and automatically map them back to a given process, DLL or piece of unallocated space and dump the corresponding item.
Process RAM captures for additional forensic artifacts, such as passwords, HTML pages, .lnk files and MS Office documents.
Powerful index search engine and a proper full-feature regular expression engine for binary searches.
Broad file system, compound file and email support.
Currently supported email types are: Notes NSF, Outlook PST/OST, Exchange EDB, Outlook Express DBX, Eudora, EML (Microsoft Internet Mail, Earthlink, Thunderbird, Quickmail, etc.), Netscape, AOL and RFC 833
Process and analyze DMG (compressed and uncompressed), Ext4, exFAT, VxFS (Veritas File System), Microsoft VHD (Microsoft Virtual Hard Disk), and Blackberry IPD backup files.
Create and process Advanced Forensic Format (AFF) images.
Supports popular encryption technologies, such as Credant, SafeBoot, Utimaco, EFS, PGP, Guardian Edge, Sophos Enterprise and S/MIME.