An Integrated Computer Forensics Solution
- Create images, analyze the registry, conduct an investigation, decrypt files, crack passwords, identify steganography, and build a report all with a single solution.
- Recover passwords from 100+ applications; harness idle CPUs across the network to decrypt files and perform robust dictionary attacks.
- KFF hash library with 45 million hashes.
Enterprise-class Architecture
- Supports the largest, most complex datasets.
- Never lose work due to a crash, because the FTK components are compartmentalized. (Example: If the GUI crashes, the Workers continue to process data.)
- Ability to back up and archive cases.
- Every copy of FTK 3 includes a total of 4 Workers to enable distributed processing – 1 on the examiner machine and 3 distributed. Coming soon!
- The solution easily expands to incorporate Lab capabilities, such as unlimited distributed processing, collaborative analysis, central case/task management and web review. This is of particular value to law enforcement and government computer forensic labs.
Powerful Processing and Speed
- The GUI is 10 times more responsive.
- Distributed processing allows you to leverage up to 3 additional computers to dramatically reduce processing time and tackle massive data sets. Coming soon!
- True multi-processor and multi-threading support that takes advantage of hardware advancements.
- Wizard-driven processing ensures no data is missed.
- Cancel/Pause/Resume functionality
- Better real-time processing status
- CPU resource throttling
- New email notification upon processing completion
- Pre- and post-processing refinement allows you to control how images are processed.
- Advanced data carving engine allows you to carve allocated and unallocated data and specify criteria, such as file size, data type and pixel size to reduce the amount of irrelevant data carved while increasing overall thoroughness.
- Optimized dtSearch integration delivers fast indexing and fast search results.
The Most Advanced Analytics
- RAM Dump Analysis
- Enumerate all running processes, including those hidden by rootkits, and display associated DLLs, network sockets and handles in context, from 32-bit Windows machines.
- For each process it will display: Name | Path | Start Time | Working Directory | Command Line | ProcessID | ParentID | MD5 | SHA1 | Fuzzy Hash | Size | Windows Title
- For each DLL: Name | Path | Process Name | ProcessID | ParentID
- For Network Socket: Port | Protocol | Local Address | Remote Address | Remote Port | Process Name | ProcessID
- For Open Handles: Handle Type | Path | Access Mask | ProcessID
- Dump a process and associated DLLs for further analysis in third-party tools.
- Memory string search allows you to identify hits in memory and automatically map them back to a given process, DLL or piece of unallocated and dump the corresponding item. Coming soon!
- Process RAM captures for additional forensic artifacts, such as passwords, HTML pages, .lnk files and MS Office documents.
- Powerful index search engine and a proper full-feature regular expression engine for binary searches.
- Broad file system, compound file and email support.
- Currently supported email types are: Notes NSF, Outlook PST/OST, Exchange EDB, Outlook Express DBX, Eudora, EML (Microsoft Internet Mail, Earthlink, Thunderbird, Quickmail, etc.), Netscape, AOL and RFC 833
- Supports popular encryption technologies, such as Credant, SafeBoot, Utimaco, EFS, PGP and Guardian Edge.
- Automatically identify potentially pornographic images, using the Explicit Image Detection (EID) add-on.
- Comprehensive Mac support
- Process B-Trees attributes for metadata
- PLIST support
- SQLite database support
- Apple DMG and DD_DMG disk image support
- Crack Sparse Images or Sparse Bundles
- JSON file support
Preview, Acquisition and Analysis of LIVE DATA
- Perform network-based, secure, single-system forensic acquisition of physical devices, logical volumes and RAM.
- The agent is easy to deploy.
- Doesn’t require a cumbersome installation and authentication process.
- Secure Remote Device Mounting
Intuitive Interface and Rich Functionality
- Easy-to-understand and easy-to-use GUI with pre-defined and customizable data views, advanced filtering, dockable windows and automated data categorization.
- Multiple data views allow users to analyze files in a number of different ways, such as native, hex, text and filtered.
- Full Unicode and Code Page support.
- Create detailed reports and output them into native format, HTML, PDF, XML, RTF, and more - with links back to the original evidence.
- Define Registry Supplemental Reports (RSR) During Pre-processing or Additional Analysis:
- Clear reporting on what files could not be processed or indexed with the Processing Exception/Case Info report.
- Create a CSV of the processed files that can be imported into Excel or a database application.
- Export MSGs for all supported email types.