International Orders: Please contact us.This product is not a stock item. Please allow extra time for processing your order. If you need expedited delivery, please call us for service options.
Standalone + 1 Year Subscription
Forensic Toolkit Training
FORENSIC TOOLKIT 3.0
Reengineered Components for Improved Performance
Redesigned Database Layer: The FTK GUI is 10xs more responsive across the board,
even on machines with only 4GB of RAM.
Redesigned Processing Engine:
Leverages the same battle-tested FTK components
Faster more efficient processing
Better real-time processing status
CPU resource throttling
New email notification upon processing completion
Distributed Processing (coming soon):
Every copy of FTK of comes with 4 workers, allowing you to leverage CPU resources from up to 4 computers. (3 distributed workers and 1 worker on the main FTK examiner system)
Leverage legacy hardware to reduce processing time
Completely Reengineered dtSearch Integration:
Search results populate very fast, even with large result sets.
We’ve changed the way results are stored and way results are displayed.
New Macintosh Capabilities:
Process B-Trees attributes for metadata
SQLite database support
Apple DMG and DD_DMG disk image support
Crack Sparse Images or Sparse Bundles
JSON file support
Dramatically Enhanced Graphics Tab:
Image thumbnails are now stored in batches in the case folder, enabling faster image retrieval and reduced backup time.
Fewer refreshes and less delay as you scroll quickly through pages of graphics.
New icon for corrupted images vs. loading images.
Additional Encryption Support (PGP and Guardian Edge):
With the appropriate credentials, FTK will automatically decrypt PGP and Guardian Edge encrypted volumes.
Currently supported encryption formats are Utimaco, Guardian Edge, PGP, SafeBoot, Credent and EFS.
Explicit Image Detection Integration (Available as an Add-on):
Automated detection and identification of graphic images by analyzing visual features in the image to assess its actual visual content.
All images are given a score based on their projected potential to be pornographic, in order to streamline the process of identifying evidentiary images.
ACQUISITION AND ANALYSIS OF LIVE DATA
Secure Remote Device Mounting: Remotely connect to a single target machine and mount devices (physical devices, logical volumes or memory) locally on the examiner’s machine. This enables examiners to use FTK, Imager or a third-party utility to forensically analyze live data on the remote devices from their examiner systems.
Live Device Acquisition:
Perform network-based, secure, single-system forensic acquisition of physical devices, logical volumes and RAM.
Image the full range of system memory
Image entire physical device or devices
Image an entire volume or volumes
The agent can be quickly deployed and does not require installation of any kind.
No painful authentication/authorization process is required.
RAM Dump Analysis:
Enumerate all running processes, including those hidden by rootkits, and display associated DLLs, network sockets and handles in context, from 32-bit windows machines.
For each process it will display: Name | Path | Start Time | Working Directory | Command Line| ProcessID | ParentID | MD5 | SHA1 | Fuzzy Hash | Size | Windows Title
For each DLL: Name | Path | Process Name | ProcessID | ParentID |
For Network Socket: Port | Protocol | Local Address | Remote Address | Remote Port | Process Name | ProcessID
For Open Handles: Handle Type | Path | Access Mask | ProcessID
Dump a process and associated DLLs for further analysis in third-party tools.
Memory string search allows you to identify hits in memory and automatically map them back to a given process, DLL or piece of unallocated and dump the corresponding item. COMING SOON!
Process RAM captures for additional forensic artifacts, such as passwords, html pages, .lnk files and MS Office documents.
REPORTING AND CASE MANAGEMENT
Define Column Settings Per Bookmark in Your Reports: Define unique column settings that apply to a specific bookmark.
Processing Exception & Case Info Report: FTK 3 now provides clear reporting on what files could not be processed or indexed. In addition, the report displays version, name of evidence and case processing preferences per evidence item, including dtSearch options, as well as overall processing time.
Define Registry Supplemental Reports (RSR) During Pre-processing or Additional Analysis:
Choose from a set of pre-defined Summary RSR templates, which are automatically made available in the Reporting Wizard
Access library of RSR reports online
Create your own
Export MSGs from All Supported Email Types: Currently supported email types are: Notes NSF, Outlook PST/OST, Exchange EDB, Outlook Express DBX, Eudora, EML (Microsoft Internet Mail, Earthlink, Thunderbird, Quickmail, etc.), Netscape, AOL and RFC 833.
CSV Support: You now have the option to automatically create a CSV of the processed files that can be imported into Excel or a database application.
Case Portability: You can easily store and transfer an entire case on separate physical media without doing a full case backup.
Enhanced User Administration: Administrators can now change user names, roles, passwords and delete users.
OPTIMIZE PERFORMANCE WITH DYNAMIC MODIFICATION OF MEMORY ALLOCATION
Database Memory Adjuster: Depending on data set size, the ability for results in the GUI to come back quickly is a result of hardware and memory allocation for the database. Oradjuster enables examiners to dynamically modify memory allocation between processing and analysis to further improve processing and review performance. It will automatically free up memory resources utilized by the database upon the closure of FTK.