|[January 13, 2014]
Advanced Forensic Technologies Uncover Lost and Hidden Evidence Faster Across Computing Devices
LINDON, Utah --(Business Wire)--
The big challenges digital investigators face is the time and effort
required to sift through the sheer volume of case data across their
devices. They use several third party solutions to handle specific tasks
which add greater complexity and resources. AccessData,
the leader in incident resolution technology, eliminates some of these
challenges with the introduction of Forensic
Toolkit (FTK) version 5.1 with native forensic investigative
capability of Microsoft's (News - Alert) Volume Shadow Copy (VSC). This new platform
allows for advanced integration and enhanced visibility into all digital
elements and artifacts to ensure that evidence is not missed.
"With the increase in case work caused by the frequency and complexity
of digital investigations, forensic examiners need an easy-to-use
platform that enables a quicker path to evidence discovery,"�said Brian
Karney, AccessData's COO & President. "FTK's VSC support allows
investigators to easily identify and quickly examine 'digital artifacts'
across different points in time, while leveraging all of the advanced
features of FTK."
Digital investigators using FTK can now quickly examine file system
snapshots captured by Microsoft's Volume Shadow Copy (VSC) technology.
Unlike other solutions, FTK gives organizations access to VSC without
the need for additional time-consuming manual processes or use of third
party tools. This translates into a seamless, more efficient
evidence-analysis process, thereby speeding the overall investigation.
"Volume Shadow Copies (VSCs) are extremely useful in digital forensics,"
said Neil Broom,�Laboratory Director of�Technical Resource Center, an
American Society of Crime Laboratory Directors (ASCLD) Accredited Lab.
"Using VSCs, we have successfully proven that spoliations had been
attempted on a hard drive through the use of anti-forensics tools (i.e.
CCleaner). After CCleaner was run, the hard drive showed no evidence of
the proprietary data we were looking for. After examining the VSCs, we
were able to recover destroyed Registry files that proved the
proprietary data had been accessed on that computer. The VSCs showed a
'snapshot-in-time' of when these files were active on the hard drive and
when they were deleted."
In addition to retrieving metadata for deleted files, VSC analysis with
FTK provides a system point-in-time history that serve as a chronology
of how documents, user activity, programs and other artifacts have
changed over time. For example, this could reveal relevant evidence that
resided in a document at some point in the past but was intentionally
changed and would not be recoverable any other way - a major stumbling
block in digital investigations.
Advanced Geolocation Visualization
FTK also includes evidence geomapping, a new data visualization feature,
which allows investigators to see on a map the geographic
location of evidence items containing geolocation information. This
saves valuable time by providing a visual depiction of where digital
activities and actions took place (a digital crime scene reconstruction)
that may be used as irrefutable evidence in a case.
Other 5.1 features include:
Deeper integration with�AccessData's Password Recovery Toolkit®,�industry-leading
decryption technology; PRTK®. This integration allows
users to right-click on an encrypted file and decrypt it on-the-fly.
This option keeps investigators' workflow simple and allows them to
spend more time reviewing evidence instead of manually engaging in the
file decryption process.
Improved organization of Internet Explorer® 9 Internet artifacts and
web page reconstruction. This provides granular groupings of: IE
Cache Entries, IE Cookies Entries, IE History Entries,
IE Download Entries, and MSIE Recovery Data Entries as
well as an integrated semantic keyword expansion capability to help
examiners leverage additional keywords that may be related, specific,
general or synonymous, enhancing search scope.
Support for Microsoft Resilient File System (MS ReFS) found in Windows
8 and Windows Server 2012.
FTK 5.1 or learn more about additional
features included in the release, please visit www.accessdata.com
About Forensic Toolkit® (FTK®)
Given 5 stars several years running and a recommended designation from SC
Magazine, AccessData's flagship product, Forensic Toolkit, has
forged a category all its own by delivering a radically different
architecture than other forensic tools, more advanced capabilities and a
different approach to processing and analysis. The database-driven
solution introduced distributed processing, integrated volatile data and
memory analysis, the most comprehensive Apple (News - Alert)® OS analysis of any other
Windows-based forensics product and built-in decryption capabilities.
FTK is truly an enterprise-class investigative platform, allowing
examiners to remotely preview and acquire computers and handle massive
volumes of data with unmatched speed and accuracy.
5.1 What's new? Video
Brochures, White Papers Case Studies and Additional Videos
AccessData Group makes the world's most advanced and intuitive incident
resolution solutions. AccessData technology delivers comprehensive,
real-time insight, analysis, response and resolution of data incidents,
including cyberthreats, insider threats, mobile and BYOD risk, GRC
(Governance Risk & Compliance) and eDiscovery events, and overwhelming
data variety and volume (i.e. "Big Data"). Over 130,000 users in law
enforcement, government agencies, corporations and law firms around the
world rely on AccessData software to protect them against the risks
present in today's environment of continuous compromise. http://accessdata.com.
[ InfoTech Spotlight's Homepage ]