Content

AccessData Forensic Toolkit v3.0

AccessData's Forensic Toolkit (FTK) is a well-rounded, feature-rich application that is one of the best all-in-one forensic products available. The most notable addition to this newest version of FTK is the Remote Device Mounting Services (RDMS). This allows the user to perform a memory dump and acquire an image of a remote machine.

Installation of FTK is pretty straightforward, albeit time-consuming. This latest iteration now requires an Oracle database (included) to be installed along with the application itself. However, this process is mostly automated, requiring little assistance from the user.

FTK should not be installed on just any machine, as the requirements are demanding. For example, the ideal amount of RAM for the graphical user interface (GUI) and database machines are 8 GB and 12 GB respectively. Access Data also says the ideal storage for the database is a 250-plus GB solid state drive dedicated exclusively to Oracle.

The GUI for FTK, at first glance, is rather intimidating. It is clustered with many windows, tabs and buttons. If you are familiar with older versions, you might need to take some time to relearn the new setup.

Creating a new case and acquiring an image are fairly simple tasks. Without the proper hardware, this task may take some time, especially when using the new RDMS feature. When acquiring an image, FTK gives you many options, including data carving, deleted file recovery, registry recovery and listing of HTML files. Once the image is loaded, browsing through the contents of the acquired drive is straightforward and intuitive.

Figuring out the filtering feature was a bit more difficult. However, once an investigation is complete, FTK has an excellent reporting feature, as it creates reports on the fly.

Documentation is comprehensive and does a great job of covering everything.

AccessData offers phone, email and web support. This, however, is not included in the price. An additional $840 per year charge is required to receive unlimited telephone support, as well as product updates.
Product title
AccessData Forensic Toolkit v3.0
Product info
Name: Forensic Toolkit Description: Price: $2,995
Strength
Feature-rich, very thorough, a forensic Swiss Army knife.
Weakness
Steep system requirements.
Verdict
One of the top forensics suites out there, even if it does require a beast of a machine to run.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.