AccessData Ultimate Toolkit
August 31, 2004
- Ease of Use:
- Value for Money:
- Overall Rating:
The product has industrial-strength decryption software and good search facilities.
Although the software included our streamed data in its search and display features, it did not specifically indicate that these files existed.
The Ultimate Toolkit provides a good range of tools that address most of the areas of interest.
AccessData's Ultimate Toolkit has several independent components, which can be purchased separately. The software is also protected by USB dongles, providing an extra layer of security.
The two password recovery programs are good examples of the sort of tools that need protecting. The first program, the Password Recovery Toolkit, is able to recover Windows passwords from the SAM and the Registry, and the PWL files in Windows 9X systems. The toolkit can also recover data from files and directories protected by the Encrypted File System.
The other password recovery program, the Distributed Network Attack, uses several computers to crack passwords and recover information from encrypted files, useful when there are time constraints.
Another useful component is the Registry viewer. It can access data, such as hidden passwords from the Windows registry, and examine registry files from other systems.
The main component is the Forensic Tool Kit, which is designed to assist in gathering evidence for a variety of purposes. We used it to create an image of our "suspicious" hard drive, and to create a set of indices that could then be used for keyword searches.
The software was not fooled by our attempts to disguise various files, and correctly discovered and displayed details about the hidden executable and graphic files. It did not detect our streamed files, and there was nothing to indicate that these files were anything other than normal NTFS files.
However, the hidden data did appear in the explorer view if a streamed file was examined, and the search engine also found search strings in the hidden stream. String searching extended to the contents of free space and to the page file, as well as ordinary files. There are a number of search options, including the ability to make cumulative searches, and to use search broadening filters such as stemming, phonic equivalence and fuzzy logic.
Search strings can also include special wildcard characters that modify the matching process. The system could list the files stored in password-protected zip archives, but could not display the contents.
SC Magazine Articles
- Yahoo breach; State-sponsored actors suspected, at least 500 million accounts affected
- Cybercriminals already able to hack ATM biometric readers
- 185M incidents bypassed perimeter defenses - report
- OVH suffers massive 1.1Tbps DDoS attack
- IoT assault, connected devices increasingly used for DDoS attacks
- Microsoft Office 365 hit with massive Cerber ransomware attack, report
- CEO sacked after aircraft company grounded by whaling attack
- DōTERRA breach exposes customer info; including SS, DOB, and addresses
- UPDATE: Petya ransomware leverages Dropbox and overwrites hard drives
- Some U.S. Bancorp workers' W-2 info exposed in ADP data breach
- Report on POS campaign provides peek into scalable tactics of cybercrime duo
- Yahoo! data breach likely exceeds 500 million records
- Boards taking more cyber seriously, driven by regulatory requirements, report finds
- Curtain closes on Ransomware Encryptor RaaS, but with master key
- BIND update fixes high-severity flaw affecting ICS, as CERT releases update to CSET tool