AccessData Ultimate Toolkit
August 31, 2004
- Ease of Use:
- Value for Money:
- Overall Rating:
The product has industrial-strength decryption software and good search facilities.
Although the software included our streamed data in its search and display features, it did not specifically indicate that these files existed.
The Ultimate Toolkit provides a good range of tools that address most of the areas of interest.
AccessData's Ultimate Toolkit has several independent components, which can be purchased separately. The software is also protected by USB dongles, providing an extra layer of security.
The two password recovery programs are good examples of the sort of tools that need protecting. The first program, the Password Recovery Toolkit, is able to recover Windows passwords from the SAM and the Registry, and the PWL files in Windows 9X systems. The toolkit can also recover data from files and directories protected by the Encrypted File System.
The other password recovery program, the Distributed Network Attack, uses several computers to crack passwords and recover information from encrypted files, useful when there are time constraints.
Another useful component is the Registry viewer. It can access data, such as hidden passwords from the Windows registry, and examine registry files from other systems.
The main component is the Forensic Tool Kit, which is designed to assist in gathering evidence for a variety of purposes. We used it to create an image of our "suspicious" hard drive, and to create a set of indices that could then be used for keyword searches.
The software was not fooled by our attempts to disguise various files, and correctly discovered and displayed details about the hidden executable and graphic files. It did not detect our streamed files, and there was nothing to indicate that these files were anything other than normal NTFS files.
However, the hidden data did appear in the explorer view if a streamed file was examined, and the search engine also found search strings in the hidden stream. String searching extended to the contents of free space and to the page file, as well as ordinary files. There are a number of search options, including the ability to make cumulative searches, and to use search broadening filters such as stemming, phonic equivalence and fuzzy logic.
Search strings can also include special wildcard characters that modify the matching process. The system could list the files stored in password-protected zip archives, but could not display the contents.
Sign up to our newsletters
SC Magazine Articles
- Long list of devices believed to be affected by NetUSB vulnerability
- Scammers target oil companies with sneaky attack
- CareFirst BlueCross BlueShield breached, more than one million individuals notified
- Study: Employees acknowledge risky security behavior, continue to engage in it
- Hack of airplane systems described in FBI docs raises security questions
- Hackers exploit Starbucks auto-reload feature to steal from customers
- Study: Nearly all SAP systems remain unpatched and vulnerable to attacks
- Former Nuclear Regulatory Commission employee arrested for alleged spear phishing campaign
- Millions of WordPress websites vulnerable to XSS bug
- FireEye first cybersecurity firm awarded DHS SAFETY Act certification
- Thousands of Bellevue Hospital Center patients notified of data breach
- Study: 86 percent of websites contain at least one 'serious' vulnerability
- Investigation ongoing in reported multimillion member Adult FriendFinder breach
- Report: $19M breach settlement between MasterCard, Target terminated
- FTC gives thumbs up to companies that cooperate during breach probes