AccessData Ultimate Toolkit
August 31, 2004
- Ease of Use:
- Value for Money:
- Overall Rating:
The product has industrial-strength decryption software and good search facilities.
Although the software included our streamed data in its search and display features, it did not specifically indicate that these files existed.
The Ultimate Toolkit provides a good range of tools that address most of the areas of interest.
AccessData's Ultimate Toolkit has several independent components, which can be purchased separately. The software is also protected by USB dongles, providing an extra layer of security.
The two password recovery programs are good examples of the sort of tools that need protecting. The first program, the Password Recovery Toolkit, is able to recover Windows passwords from the SAM and the Registry, and the PWL files in Windows 9X systems. The toolkit can also recover data from files and directories protected by the Encrypted File System.
The other password recovery program, the Distributed Network Attack, uses several computers to crack passwords and recover information from encrypted files, useful when there are time constraints.
Another useful component is the Registry viewer. It can access data, such as hidden passwords from the Windows registry, and examine registry files from other systems.
The main component is the Forensic Tool Kit, which is designed to assist in gathering evidence for a variety of purposes. We used it to create an image of our "suspicious" hard drive, and to create a set of indices that could then be used for keyword searches.
The software was not fooled by our attempts to disguise various files, and correctly discovered and displayed details about the hidden executable and graphic files. It did not detect our streamed files, and there was nothing to indicate that these files were anything other than normal NTFS files.
However, the hidden data did appear in the explorer view if a streamed file was examined, and the search engine also found search strings in the hidden stream. String searching extended to the contents of free space and to the page file, as well as ordinary files. There are a number of search options, including the ability to make cumulative searches, and to use search broadening filters such as stemming, phonic equivalence and fuzzy logic.
Search strings can also include special wildcard characters that modify the matching process. The system could list the files stored in password-protected zip archives, but could not display the contents.
SC Magazine Articles
- Cerber ransomware strain now targeting Office 365 users
- Critical infrastructure in Europe exposed to hackers
- Deal with the devil: Ransomware experiment proves you can negotiate price down
- WordPress Summer of Pwnage: 64 holes in 21 days
- Cerber ransomware C&C server shut down by research firm and CERT-Netherlands
- Microsoft Office 365 hit with massive Cerber ransomware attack, report
- Hard Rock Hotel & Casino Las Vegas hit with POS breach
- X-ray and MRI machines among devices used as springboards for data breach attacks
- Brexit shakeup: How will the U.K.'s exit from the EU affect the technology sector?
- Hacker purportedly selling over 650,000 stolen medical records on dark web marketplace
- WhatsApp in the spotlight after Turkey publishes messages of coup officers
- For the incoming federal CISO: Focus on the human side of cybersecurity
- Audit: FBI's threat prioritization process too subjective and sluggish
- 2.3 million 'Warframe,' 'Clash of Kings' accounts compromised
- MS-ISAC official: Ransomware top priority