AccessData Forensic Suite
May 01, 2013
MPE Plus: $3,000; FTK: $2,995; and AD Triage: $1,500
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: A host of tools that enable a thorough and organized investigation.
- Weaknesses: Some of the software tools may not be quickly understood by beginners.
- Verdict: The three-product platform provides a solid foundation for any digital forensic investigation. For a full-feature package, this earns our Recommended designation.
There are three products in AccessData's forensic suite that every digital forensic investigator needs: Mobile Phone Examiner (MPE) Plus, Forensic Toolkit (FTK) and AD Triage. The compatibility of the three tools enables the user to complete a thorough and organized investigation.
MPE Plus is a software solution for mobile phone extraction and analysis. It supports more than 6,800 devices, including the iPhone, iPad, Android, BlackBerry and MediaTek (MTK) Chinese devices.
The installation process is simple and took us only about 20 minutes. The interface is organized with three well-labeled menus and cleanly displayed graphical tools. It allows the user to manipulate and examine data with a host of tools, allowing for a functional, effective approach. The automated results are generated from the app and can be exported or printed.
FTK is a digital investigation platform built for speed, analytics and scalability. Known for its intuitive interface, email analysis capability, customizable data views and stability, it lays the framework for seamless expansion so one's computer forensic solution can grow with an organization's needs. Additionally, FTK integrates with optional expansion modules to provide malware analysis capability and state-of-the-art visualization.
AD Triage is an easy-to-use, forensically sound triage tool for the on-scene preview and acquisition of computers that are live or have been shut down. AD Triage is ideal for users who are inexperienced with computer forensic software, but need to preserve evidence in the field. Installation of this component is simple. It takes only three steps. Triage is segregated into two different interfaces: administrator and receiver. The administration interface is used to manage and configure removable media devices and to review and store all collected data. The receiver interface is employed for target systems to collect data to a USB device or to a network-connected computer.
Once licenses have been obtained and the devices installed, one can grab the data essential to an investigation. The profile is published and assigned to the desired removable device. The device can then be plugged into the computer from which the information will be extracted, and the extraction is performed by running the Triage agent application file. If the computer is not in an active state, the user should use a bootable CD/DVD or USB. Running the agent activates the interface and starts the extraction process. All the files that were required when the device profile was created are sorted and can then be exported to the device or to a specified remote destination.
Finally, the file collection from the field can be reviewed and a report generated and stored to the investigator's lab computer. The AccessData suite offers support and documentation in a variety of forms: via phone, email, web, discussion forums and a user guide.
Each of the products has to be purchased separately as these applications are not bundled together as a suite. However, at a total price of $7,495 for all three tools, the simplicity, functionality and management capabilities that can be applied to the analyzed data well justify the expense.