AccessData Ultimate Toolkit
August 31, 2004
- Ease of Use:
- Value for Money:
- Overall Rating:
The product has industrial-strength decryption software and good search facilities.
Although the software included our streamed data in its search and display features, it did not specifically indicate that these files existed.
The Ultimate Toolkit provides a good range of tools that address most of the areas of interest.
AccessData's Ultimate Toolkit has several independent components, which can be purchased separately. The software is also protected by USB dongles, providing an extra layer of security.
The two password recovery programs are good examples of the sort of tools that need protecting. The first program, the Password Recovery Toolkit, is able to recover Windows passwords from the SAM and the Registry, and the PWL files in Windows 9X systems. The toolkit can also recover data from files and directories protected by the Encrypted File System.
The other password recovery program, the Distributed Network Attack, uses several computers to crack passwords and recover information from encrypted files, useful when there are time constraints.
Another useful component is the Registry viewer. It can access data, such as hidden passwords from the Windows registry, and examine registry files from other systems.
The main component is the Forensic Tool Kit, which is designed to assist in gathering evidence for a variety of purposes. We used it to create an image of our "suspicious" hard drive, and to create a set of indices that could then be used for keyword searches.
The software was not fooled by our attempts to disguise various files, and correctly discovered and displayed details about the hidden executable and graphic files. It did not detect our streamed files, and there was nothing to indicate that these files were anything other than normal NTFS files.
However, the hidden data did appear in the explorer view if a streamed file was examined, and the search engine also found search strings in the hidden stream. String searching extended to the contents of free space and to the page file, as well as ordinary files. There are a number of search options, including the ability to make cumulative searches, and to use search broadening filters such as stemming, phonic equivalence and fuzzy logic.
Search strings can also include special wildcard characters that modify the matching process. The system could list the files stored in password-protected zip archives, but could not display the contents.
SC Magazine Articles
- USAA members hit with multiple phishing attacks
- Three zero-days found in iOS, Apple suggests users update their iPhone
- MedSec goes its own way with medical device flaw
- Two-thirds of IT security pros surveyed expect a breach to hit their company, report
- Juniper confirms leaked "NSA exploits" affect its firewalls, no patch released yet
- Microsoft Office 365 hit with massive Cerber ransomware attack, report
- Wendy's POS breach 'considerably' bigger than first thought
- No hacking required: Israeli researchers show how to steal data through PC components
- Don't connect your charging cell to a computer or you may get hacked!