OS X Auditor is a free Mac OS X computer forensics tool. OS X Auditor parses and hashes the following artifacts on the running system or a copy of a system you want to analyze: the kernel extensions the system agents and daemons the third party's agents and daemons the old and deprecated system and third party's startup items the users' agents.
- SAFT is a free and easy-to-use mobile forensics application developed by SignalSEC security researchers. SAFT allows you to extract valuable information from device in just one click! Is a research company that provides information security services.SignalSEC Research team is an active team in international.
- Forensic investigation is always challenging as you may gather all the information you could for the evidence and mitigation plan. Here are some of the computer forensic investigator tools you would need. Most of them are free! Autopsy is a GUI-based open source digital forensic program to analyze hard drives and smartphones.
- Mobile Phone Tools v.2.0 Connect your laptop to your cell, surf the wireless Web, send e-mails, fax and SMS. Quickly synchronize your PC with your mobile phone and keep your phonebook up-to-date. Easily create, import and modify your choice of mobile ring tones.; Mobile DataBase v.1.25 FREE database of mobile (cellular) phones. Phones characteristics, photos, compare tables.
Why You Want It
Zero in on relevant evidence quickly, conduct faster searches and dramatically increase analysis speed with FTK®, the purpose-built solution that interoperates with mobile device and e-discovery technology. Powerful and proven, FTK processes and indexes data upfront, eliminating wasted time waiting for searches to execute. No matter how many different data sources you’re dealing with or the amount of data you have to cull through, FTK gets you there quicker and better than anything else.
UNMATCHED SPEED AND STABILITY
FTK uses distributed processing and is the only forensics solution to fully leverage multi-thread/multi-core computers. While other forensics tools waste the potential of modern hardware solutions, FTK uses 100 percent of its hardware resources, helping investigators find relevant evidence faster.
FASTER SEARCHING
Since indexing is done up front, filtering and searching are completed more efficiently than with any other solution. Whether you’re investigating or performing document review, you have a shared index file, eliminating the need to recreate or duplicate files.
DATABASE DRIVEN
FTK is truly database driven, using one shared case database. All data is stored securely and centrally, allowing your teams to use the same data. This reduces the cost and complexity of creating multiple data sets.
FTK Featured Video
Apple Forensic Tools
When you need a best-in-class processing engine that produces repeatable results and maximum data discovery. When you need to review multiple mobile phones at once. And do it quickly. Look no further than FTK.
Key Product Features
FTK provides real-world features that help teams make sense of and manage massive data sets, separate critical data from trivial details, and protect digital information while complying with regulations.
- Unmatched speed through distributed processing engines
- Unique architecture provides better stability
- Wizard-driven to ensure no data is missed
- State-of-the-art data visualization to highlight relationships and patterns
- Only solution that utilizes a single case database, reducing cost and complexity of multiple case datasets
- Faster learning with easy-to-use GUI
Integrated Digital Investigation Solutions
Create images, process a wide range of data types from many sources from hard drive data to mobile devices, network data and Internet storage in a centralized location. Decrypt files, crack passwords, and build a report all with a single solution.
- Recover passwords from over 100+ applications
- KFF hash library with 45 million hashes
- Advanced, automated analysis without the scripting
Unique FTK® Architecture & Stability
FTK is database driven so you won’t experience the lost work associated with memory-based tools in the event of a GUI crash. FTK components are compartmentalized allowing the processing workers to continue processing data without interruption.
Unmatched Processing Capabilities
- Distributed processing with a total of 3 engines
- True multi-threaded / multi-core support
- Wizard-driven processing ensures no data is missed
- Pre- and post-processing refinement
- Advanced data carving engine allows you to specify criteria, such as file size, data type and pixel size to reduce the amount of irrelevant data carved while increasing overall thoroughness
- Create, import and export reusable processing profiles with pre-defined processing options for different investigative needs
Capabilities To Empower You
- Parse even more registry and Windows events in an easy to read, interactive and reportable Windows System Information tab. Also label, bookmark and export individual objects per category, allowing for easy searching, filtering and reporting.
- Supports decryption of File Vault 2 from the APFS file system.
- QView™ integration introduces a simple, intuitive and customizable review interface. Utilize multi-case functionality such as tagging, searching, labeling and bookmarking across multiple cases. Enjoy easy mobile chat application and multimedia review, along with similar face and image detection all backed by a unified database. And, a panels-driven interface means that you can customize the view to your liking.
- Export your data into a portable case for offline review and sync back labels, bookmarks, comments and notes to the original case. Reviewers will also appreciate the ability to view the data in a near-native format.
- Similar face and object detection allow investigators to quickly locate all images of a person or object across the case without having to train the system, which can use up valuable time and resources. Also, upload an image from outside the case and compare it to pictures within the current case without ingesting it.
- Get a head start on your investigation with URL detection and parsing capabilities across devices without regard to browser, neatly organized under one section to easily review the data and connect the dots in your investigation.
- FTK will ingest and support updated versions of LX01 and E01 images.
- Automatically import and expand a nested forensic image with image within an image support.
- Import and parse AFF4 images created from Mac® computers (generated by third-party solutions like MacQuisition by BlackBag).
- Parse XFS file systems when investigating and collecting from RHEL Linux environments.
- Leverage the power of your forensic environment with optimized support for unified database for the AWS/Amazon RDS configuration. Host your FTK database in AWS to upload, process and review for unmatched speed and scalability.
- Cut down on OCR time by up to 30% with our efficient OCR engine.
- Locate, manage, and filter mobile data more easily with a dedicated mobile tab. Use the message application filter to quickly isolate data from message applications like WhatsApp or Facebook.
- View all associated EXIF data, including location, make and model of the device used to capture the images or video.
- Collect, process and analyze datasets containing Apple file systems that are encrypted, compressed or deleted.
- Decrypt a computer drive encrypted by the latest version of McAfee Drive Encryption and new L01 export support which eases the workflow of users when data must be used within multiple tools.
- Custom processing options help establish enterprise-wide processing standards, creating consistency for your investigations and reducing the possibility of missed data.
- The easy-to-use GUI provides a faster learning experience.
- Visualization technology that displays your data in timelines, cluster graphs, pie charts, geolocation and more, helps you get a clearer picture of events.
ADD ON THESE FEATURES TO ENHANCE THE POWER OF FTK
AccessData has developed other industry-leading solutions to assist in password recovery. These solutions are used in many different environments to provide specific, password-cracking related functions. Law enforcement and corporate security professionals performing computer forensic investigations, utilize these solutions to access password-protected files. Likewise, administrators can also utilize these solutions to recover system passwords, lost personal passwords and more. AccessData’s Password Recovery Toolkit® (PRTK®) and Distributed Network Attack® (DNA®) provide access to passwords for a large number of popular software applications. PRTK runs on a single machine only. DNA uses multiple machines across the network or across the world to conduct key space and dictionary attacks.
Rainbow (Hash) Tables
Rainbow Tables are pre-computed, brute-force attacks. In cryptography, a brute-force attack is an attempt to recover a cryptographic key or password by trying every possible key combination until the correct one is found. How quickly this can be done depends on the size of the key, and the computing resources applied. A system set at 40-bit encryption has one trillion keys available. A brute-force attack of 500,000 keys per second would take approximately 25 days to exhaust the key space combinations using a single 3 GHz Pentium 4 computer. With a Rainbow Table, because all possible keys in the 40-bit keyspace are already calculated, file keys are found in a matter of seconds to minutes; far faster than by other means. DNA and PRTK seamlessly integrate with Rainbow Tables.
Portable Office Rainbow Tables (PORT)
AccessData Portable Office Rainbow Tables (PORT) are different from the full Hash tables set. A statistical analysis is done on the file itself to determine the available keys. This takes far less space than the Hash Tables, but also takes somewhat more time and costs a small percentage in accuracy.
Let’s Get Started
FTK leverages multi-machine processing capabilities, cutting case processing times more than 400% vs. leading competitors, reducing case backlog significantly; it performs comprehensive processing upfront greatly increasing the speed with which an examiner can focus on the actual investigation.
Top 3 New Features in FTK 7.3
Explore the top new features in FTK 7.3, including Portable Case for offline review, enhanced mobile data parsing and new internet artifact categories. With this release, FTK will process and index more data types quicker than any other tool on the market.
Grant Thornton, global accounting, tax and advisory company, puts its trust in AccessData for computer forensics and e-discovery solutions.
Grant Thornton selected Summation for its integration with FTK, improving internal workflows and service quality through its rapid remote collection.
What Clients Are Saying
- 'With FTK and AD Lab, we are able to quickly train investigators to use the interface and collaborate on early case assessment. This frees up highly qualified digital forensics analysts to focus on analysis.'Officer Commanding, Service
INTERESTED IN MORE INFORMATION?
Mac Forensic Software
- Jump over to Resources for additional product brochures, case studies, white papers, as well as on-demand videos and more.RESOURCES
- View our library of on-demand video tutorials.VIEW TUTORIALS
COMPLEMENTARY PRODUCTS
Cerberus
Proactively identify compromised systems
AD Enterprise
See Full List On Secureforensics.com
Live Data, Remote Collection & Cyber Forensics
SERVICES
Our Professional Services team can work with any size organization to provide scalable support for short- or long-term initiatives, based on your needs.
Best Forensic Tools
approach to improving how you collect, analyze and use data.