The Forensic ToolKit (FTK) is very powerful and comes loaded with features, although it is naturally difficult to make such a powerful tool completely simple to use. The program interface can overwhelm at first glance, with all its different features and options, but after reading the documentation and getting to know the program, it becomes much more intuitive.
This program is rich with features. As a basic IT forensic tool, it includes features such as a registry viewer, in-depth easy-to-read logging, an easy-to-use standalone disk imager, and direct email and zip file analysis. The features do not stop there though.
We found this program to be an excellent and comprehensive forensic toolkit. And with its extended features such as the password recovery feature, for gaining access to protected files to search for evidence, and the powerful Distributed Network Attack feature, which can be used to crack encrypted files over a network, we thought that its performance as an incident response tool was formidable.
FTK performed excellently in all our tests. The easy-to-read logs and information screens made it simple for us to acquire our test disk and draw in-depth conclusions from our collected data.
Documentation for this product is quite good. The manual is a PDF file included on the software CD, and it contains all installation and user information for the program. We found it to be a fairly easy read and quite easy to navigate. However, we did find it was not very specific in some of the more complex areas of the product’s features, which is where manuals are most useful.
The AccessData support centre offers several ways to find technical and product support. The first is offered by both phone and email. For additional product support, the site includes a forum, customer service phone number, and customer service email.
AccessData makes owning FTK easy. It is powerful and loaded with features for very little cost, and is both a great IT forensic tool and very cost-effective. For example, as long as users have an active dongle, they can download updates and new product versions straight from the website.