Product Information

AccessData Forensic Toolkit v3.0

starstarstarstarstar

by Keith Gilbert August 02, 2010
Vendor:

AccessData

Product:

Forensic Toolkit

Website:

http://www.accessdata.com/

Price

$2,995

0810 GT 1 Access Data

RATING BREAKDOWN

  • Features:
    starstarstarstarstar
  • Ease of Use:
    starstarstarstar
  • Performance:
    starstarstarstarstar
  • Documentation:
    starstarstarstarstar
  • Support:
    starstarstarstar
  • Value for Money:
    starstarstarstarstar
  • Overall Rating:
    starstarstarstarstar

QUICK READ

  • Strengths: Feature-rich, very thorough, a forensic Swiss Army knife.
  • Weaknesses: Steep system requirements.
  • Verdict: One of the top forensics suites out there, even if it does require a beast of a machine to run.
AccessData's Forensic Toolkit (FTK) is a well-rounded, feature-rich application that is one of the best all-in-one forensic products available. The most notable addition to this newest version of FTK is the Remote Device Mounting Services (RDMS). This allows the user to perform a memory dump and acquire an image of a remote machine.

Installation of FTK is pretty straightforward, albeit time-consuming. This latest iteration now requires an Oracle database (included) to be installed along with the application itself. However, this process is mostly automated, requiring little assistance from the user.

FTK should not be installed on just any machine, as the requirements are demanding. For example, the ideal amount of RAM for the graphical user interface (GUI) and database machines are 8 GB and 12 GB respectively. Access Data also says the ideal storage for the database is a 250-plus GB solid state drive dedicated exclusively to Oracle.

The GUI for FTK, at first glance, is rather intimidating. It is clustered with many windows, tabs and buttons. If you are familiar with older versions, you might need to take some time to relearn the new setup.

Creating a new case and acquiring an image are fairly simple tasks. Without the proper hardware, this task may take some time, especially when using the new RDMS feature. When acquiring an image, FTK gives you many options, including data carving, deleted file recovery, registry recovery and listing of HTML files. Once the image is loaded, browsing through the contents of the acquired drive is straightforward and intuitive.

Figuring out the filtering feature was a bit more difficult. However, once an investigation is complete, FTK has an excellent reporting feature, as it creates reports on the fly.

Documentation is comprehensive and does a great job of covering everything.

AccessData offers phone, email and web support. This, however, is not included in the price. An additional $840 per year charge is required to receive unlimited telephone support, as well as product updates.

Related Group Test

Sign up to our newsletters

RECENT COMMENTS

FOLLOW US