
AD_FTKX_BRO_ENG_19Nov2014

Date post: 30-Jul-2015
Upload: leonard-cibelli
Zero in on Relevant Evidence Faster. FTK is recognized around the world as the standard in digital forensic investigation solutions. BROCHURE Forensic Toolkit® (FTK®)
Transcript

1. Zero in on Relevant Evidence Faster.

FTK is recognized around the world as the standard in digital forensic investigation solutions.

BROCHURE
Forensic Toolkit® (FTK®)

2. www.AccessData.com
© 2014 AccessData Group

Key Features

Easy-to-use GUI with automated pre-processing of forensic data.
Fully interoperable with Mobile Phone Examiner Plus (MPE+), Summation and the entire suite of AccessData solutions.
Interoperability with mobile device, e-discovery and cyber security solutions.
The Broadest OS Support and Analysis on the market.
Advanced filtering and automated data categorization.
Do it all. Preview, acquisition, mounting and analysis of live data.
Flexibility. Available as a perpetual or subscription license.
Native support for Volume Shadow Copy.
Comprehensive volatile memory analysis.
Add-on Cerberus for automated malware analysis and triage.
Password cracking through PRTK/DNA.
Visualization capabilities allow graphic analysis of file and email data.
Geolocation allows various types of data to be shown geographically on a map, even offline!
Powerful index search engine with regular expression.
World-class training.

FTK provides you with an entire suite of investigative tools necessary to conduct digital investigations smarter, faster and more effectively. It allows you to quickly establish case facts through innovative and market-leading features such as distributed processing, collaborative case analysis, and evidence visualization reports and more, all in one single comprehensive solution. It provides innovative and integrated features to support data processing integrity, speed and analysis depth.

Reduce case backlogs by zeroing in on relevant evidence faster.

Case backlogs are only getting bigger. There just isn't enough time or resources to process the data that needs to be examined in each specific case. FTK is built for speed, stability and ease of use, providing comprehensive data processing and indexing up front, so filtering and searching is faster than with any other product on the market. This equates to an increase in analysis speed, allowing you to obtain actionable intelligence much quicker. Additionally, large digital forensic investigation entities can easily upgrade FTK to expand the processing capacity and incorporate web-based case management and collaborative analysis to minimize caseload through division of labor in AD Lab.

Take Control of Big Data

The use and variety of both computer and other digital devices has grown exponentially. All criminal cases today involve massive amounts of digital evidence from many different sources. FTK's mature database-driven, enterprise-class architecture allows you to handle and make sense of these massive data sets through processing stability and data visualization not available with other tools. With FTK, you can easily separate relevant data from the trivial and easily explain those nuances to colleagues, attorneys/barristers and jurors. Furthermore, FTK is the only solution on the market that is purpose built to interoperate with the entire portfolio of AccessData's solutions to help you overcome challenges attributed to mobile device usage, BYOD, e-discovery, and cyber security.

"With FTK and AD Lab, we are able to quickly train investigators to use the interface and collaborate on early case assessment. This frees up highly qualified digital forensics analysts to focus on analysis."
Major Keith Miller, Officer Commanding, Service Police Crime Bureau, Royal Military Police (fmr.)

3. Key Benefits

INTEGRATED COMPUTER FORENSIC SOLUTION
FTK allows users to create images, process a wide range of data types from forensic images to email archives and mobile devices, analyze the registry, decrypt files, crack passwords, and build reports, all within a single solution. Examiners in distributed labs can work together on the same case.

UNMATCHED PROCESSING
FTK utilizes distributed processing and is the only forensics solution to fully leverage multi-threaded/multi-core computers. While other forensics tools waste the potential of modern hardware solutions, FTK is able to use 100% of its hardware resources.

…e on the same case at the same time, utilizing a division-of-labor approach.

HANDLE MASSIVE DATA SETS WITHOUT CRASHING OR LOSING WORK
While other products can run out of memory and slow or crash during processing, FTK is database driven with a modular architecture that provides the stability necessary to handle data sets of nearly any size.

FEATURE RICH OUT OF THE BOX
FTK is far and away the best value on the market given features like visualization, explicit image detection (EID), password cracking and remote machine analysis all included at a single price point.

FAST, COMPREHENSIVE INDEX AND BINARY SEARCHING
By processing and indexing data up front and leveraging the powerful dtSearch engine, as well as a full-featured regular expression engine, FTK produces fast and accurate results.

FILE AND DISK ENCRYPTION SUPPORT
With proper credentials you can decrypt technologies such as BitLocker, Credant, SafeBoot, Utimaco, PGP, Guardian Edge, Sophos Enterprise, S/MIME and more. FTK can also decrypt hundreds of file types. It will decrypt files during processing with passwords you provide, or you can select encrypted files within FTK and send them to the built-in Password Recovery Toolkit (PRTK/DNA) module for password recovery.

ADVANCED GALLERY VIEW FOR IMAGES AND VIDEO WITH EID
Quickly identify critical image and video files. In addition, FTK identifies sexually explicit images automatically, which is an invaluable feature for law enforcement. It not only recognizes flesh tones, but shapes and image orientations that could be pornographic in nature.

MICROSOFT PhotoDNA
Supports Microsoft PhotoDNA, which creates a unique signature for a digital image, like a fingerprint, that can be compared with the signatures of other images to find copies and variations of images of interest.

SUPERIOR EMAIL ANALYSIS
FTK supports a wide array of email types, including Notes NSF, Outlook PST/OST, Exchange EDB, Outlook Express DBX, Eudora, EML (Microsoft Internet Mail, Earthlink, Thunderbird, Quickmail, etc.), Netscape, AOL and RFC 833.

SINGLE-NODE ENTERPRISE (REMOTE INVESTIGATION)
Preview, acquire and analyze hard drive data, peripheral device data, and volatile/memory data from remote systems on your network.

4. LEARN MORE: www.AccessData.com

GLOBAL HEADQUARTERS
+1 801 377 5410
588 West 300 South, Lindon, Utah USA

NORTH AMERICAN SALES
+1 800 574 5199
Fax: +1 801 765 4370
[email protected]

INTERNATIONAL SALES
+44 20 7010 7800
[email protected]

VOLATILE AND MEMORY ANALYSIS
Enumerate all running processes, even those hidden by rootkits, and display associated DLLs, network sockets and handles in context. Search memory, automatically map hits back to a given process, DLL or piece of unallocated space, and dump the corresponding item. VAD tree analysis exposes registry artifacts in memory, parsing and displaying handle information. (Supports Windows 32- & 64-bit, Apple, UNIX and Linux)

INTERNET ARTIFACT ANALYSIS
FTK provides broad browser support with SQLite parsing and includes 40 Internet artifact carvers for popular web applications, including Facebook, Google Drive (Docs), Google Chat, ICQ 7M, Skype, DropBox, Torrent and many, many more.

BROAD SUPPORT AND OS ANALYSIS
Recognized for its superior analysis of iOS machines, FTK supports B-Trees, .PLISTs, SQLite databases, .JSON files and .DMG and .DD disk images.

DATA VISUALIZATION FOR AUTOMATED TIMELINE CONSTRUCTION AND SOCIAL ANALYSIS
There is no need to rely on third-party tools to see visual relationships within data! The Visualization technology in FTK displays your data in timelines, cluster graphs, pie charts, geolocation and more.

MALWARE TRIAGE & ANALYSIS
Available as an add-on to FTK, Cerberus allows you to determine the behavior and intent of suspect binaries, giving you actionable intelligence without having to wait for a malware team to perform deeper, more time-consuming analysis.