Forensic Toolkit, or FTK, is open-source computer forensics software made by
AccessData. It searches a hard drive for different types of data. For
instance, it might be able to find deleted emails and search a disc for text
strings to use as a dictionary of passwords to break encryption.

FTK Imager is a data preview and imaging tool that lets you quickly assess
electronic evidence to determine if further analysis with a forensic tool
such as AccessData Forensic Toolkit (FTK) is necessary.

FTK Imager creates a bit-by-bit duplicate image of the media to
prevent accidental or intentional modification of the original evidence. The
file slack, unallocated space, and free space on the drive are all exactly
the same in the forensic image as they were in the original. Because the
investigation is carried out on the image, the original media can be stored
somewhere safe.

Once you have created an image of the data, AccessData Forensic Toolkit (FTK)
can be used to analyze it.

KEY FEATURES
- Create forensic images of entire folders or single files from different locations on local hard drives, floppy discs, Zip discs, CDs, and DVDs.
- You can preview files and directories on local hard drives, network drives, floppy discs, Zip discs, CDs, and DVDs.
- Preview the contents of forensic images stored on the local machine or on a network drive
- The content of an image can be seen in a read-only view by mounting it and using Windows Explorer to see the file just as the user saw it on the original drive.
- Export files and folders from forensic images.
- See deleted files that have not yet been overwritten on the device in the Recycle Bin and retrieve them.
- Create hashes of files using either of the hash functions available in FTK Imager: Message Digest 5 (MD5) and Secure Hash Algorithm (SHA-1).
- FTK Imager also has a built-in integrity check that creates a hash report, which helps in comparing the evidence's hash before and after the image of the original evidence was created.
- Create hash reports for shared files and disc images (together with any files contained inside those images) that you can later use as a standard to demonstrate the integrity of your case's supporting documentation. When a whole drive is imaged, a hash produced by FTK Imager can be used to confirm that the image hasn't changed while being acquired and that the image and the drive's hashes match after the image is made.
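The hash comparison described in the last two items can also be repeated independently of the imaging tool. The following is an added example, not FTK Imager's code and not part of the original post: it recomputes MD5 and SHA-1 over a raw (dd-style) image split into numbered segments and compares them with the hashes recorded at acquisition. The segment names (`image.001`, `image.002`), the `MD5 checksum:` / `SHA1 checksum:` report lines and all function names are assumptions made for the illustration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Assumed layout of the hash lines in an acquisition report (constructed sample,
# not copied from a real case): "MD5 checksum: <hex>" / "SHA1 checksum: <hex>".
HASH_LINE = re.compile(r"^\s*(MD5|SHA1) checksum:\s*([0-9a-fA-F]+)", re.MULTILINE)

def recorded_hashes(report_text):
    """Return the first MD5 and SHA-1 value found in the report, lower-cased."""
    found = {}
    for name, digest in HASH_LINE.findall(report_text):
        found.setdefault(name.lower(), digest.lower())
    return found

def hash_segments(segments, chunk_size=1 << 20):
    """Hash raw image segments as one continuous stream, in the order given."""
    md5, sha1 = hashlib.md5(), hashlib.sha1()
    for segment in segments:
        with open(segment, "rb") as fh:
            while chunk := fh.read(chunk_size):
                md5.update(chunk)
                sha1.update(chunk)
    return {"md5": md5.hexdigest(), "sha1": sha1.hexdigest()}

def verify_image(segments, report_text):
    """Compare recomputed hashes with recorded ones; a missing hash counts as a failure."""
    recorded, computed = recorded_hashes(report_text), hash_segments(segments)
    return {alg: recorded.get(alg) == computed[alg] for alg in computed}

def segment_order(directory, stem):
    """Order image.001, image.002, ... by segment number; skip non-numeric suffixes."""
    parts = [p for p in Path(directory).glob(stem + ".*") if p.suffix[1:].isdigit()]
    return sorted(parts, key=lambda p: int(p.suffix[1:]))

def demo():
    """Verify a constructed two-segment image, intact and then after a one-byte change."""
    with tempfile.TemporaryDirectory() as tmp:
        data = bytes(range(256)) * 64  # constructed stand-in for the drive contents
        Path(tmp, "image.001").write_bytes(data[:8192])
        Path(tmp, "image.002").write_bytes(data[8192:])
        report = ("[Computed Hashes]\n MD5 checksum:    %s\n SHA1 checksum:   %s\n"
                  % (hashlib.md5(data).hexdigest(), hashlib.sha1(data).hexdigest()))
        segments = segment_order(tmp, "image")
        intact = verify_image(segments, report)
        Path(tmp, "image.002").write_bytes(b"\xff" + data[8193:])  # alter one byte
        return intact, verify_image(segments, report)

if __name__ == "__main__":
    print(demo())
```

This applies to raw images only, where the concatenated segments are byte-for-byte the acquired media; container formats that compress or wrap the data need a tool that understands the container.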

We hope this helps. If you have any suggestions or doubts, you can add a comment
and we will reply as soon as possible.