Tuesday, April 24, 2007

Ultimate Toolkit

We are mainly an EnCase shop here, but I managed to convince the supervisor to spend a little more for AccessData's Ultimate Toolkit (UTK). They bought UTK with the AccessData Bootcamp training for one of their investigators to attend. The reason I am excited is because we are currently working on a case that requires extensive searches using many keywords. Yes, EnCase has a new index function in its current version. However, we did not get it to work properly yet. It also requires us to use conditions to find the terms we want. FTK's index feature is much easier to use. Index the case, and use the search box. It works as expected. Hopefully, it arrives soon so that I can show them how to use it. UTK also includes Password Recovery Toolkit (PRTK), Registry Viewer, and Distributed Network Attack (DNA). PRTK is a powerful tool for decrypting password-protected files using different schemes from a dictionary attack to a brute force attack. DNA is similar to PRTK, but allows multiple computers to work together to decrypt the encrypted files. Registry Viewer provides an easy way to decode data in the Windows registry.

3 comments:

Anonymous said...

You should also check out the P3 suite from Paraben-forensics.com. I have used both Helix and the Access Data FTK, but find the tools in the Paraben kit to sometimes be useful too.

EV said...

Thanks! I have used Paraben's Network Email Examiner in the past. We also have Device Seizure Toolbox. However, I was not aware of their other tools. I will definitely take a look at it. After all, an examiner can't have too many tools!

Connectel In said...

physical forensic lab