Forensic Toolkit

Forensic Toolkit
Developer(s) AccessData
Stable release 3.3 / April 11, 2011; 10 months ago (2011-04-11)
Development status Active
Operating system Windows
Available in English
Type Computer forensics
Website http://www.accessdata.com/forensictoolkit.html

Forensic Toolkit, or FTK, is a computer forensics software made by AccessData. It scans a hard drive looking for various information.[1] It can for example locate deleted emails[2] and scan a disk for text strings to use them as a password dictionary to crack encryption.[3]

The toolkit also includes a standalone disk imaging program called FTK Imager. The FTK Imager is a simple but concise tool. It saves an image of a hard disk in one file or in segments that may be later on reconstructed. It calculates MD5 hash values and confirms the integrity of the data before closing the files. The result is a DD raw image.

References

  1. ^ Schneier, Bruce (2007-11-01). "Secure Passwords Keep You Safer". Wired. p. 3. http://www.wired.com/politics/security/commentary/securitymatters/2007/01/72458?currentPage=3. Retrieved 2009-01-12. 
  2. ^ Dixon, Phillip D. (December 2005). "An overview of computer forensics". IEEE Potentials (IEEE) 24 (5): 8. ISSN 0278-6648. http://www.phillipdixon.net/PDForensics.pdf. Retrieved 2009-01-12. 
  3. ^ Casey, Eoghan (Fall 2002). "Practical Approaches to Recovering Encrypted Digital Evidence". International Journal of Digital Evidence (Utica, New York: Economic Crime Institute, Utica College) 1 (3): 12. ISSN 1938-0917. http://people.emich.edu/pstephen/other_papers/Recovering%20Encrypted%20Digital%20Evidence.pdf. Retrieved 2009-01-12. 

External links