Forensic Toolkit International 7.2.0.4147

Posted By: scutter

Forensic Toolkit International 7.2.0.4147 | 2.7 Gb

AccessData Group, a leading provider of integrated digital forensics and e-discovery software, announced the release of FTK 7.2, a new version of the company's digital forensics software solution that makes it easier for investigators to analyze data sets from computers and mobile devices that run on the Apple File System (APFS).

FTK 7.2 features new capabilities for decrypting a computer drive that has been encrypted by the latest version of McAfee Drive Encryption, a popular software application used in corporate environments. McAfee Drive Encryption is full-disk encryption software that helps protect data on Microsoft Windows tablets, laptops, and desktop PCs to prevent the loss of sensitive data, especially from lost or stolen equipment. It can be an obstacle for digital forensics investigators seeking to collect and process important data.

The 7.2 version also includes new L01 export support, which eases the workflow of users when data must be used within multiple tools. This specific feature was requested by customers seeking to more easily export data from an AccessData forensics software product to another third-party tool.

The following items are new and improved for this release:

Drive Decryption
- Volumes encrypted with McAfee Drive Encryption (MDE) can now be decrypted. (FC-44)
- Encrypted Apple File System (APFS) volumes (other than volumes encrypted by a chip internal to Mac systems) can now be decrypted. (FC-4 / FC-228)

For APFS volumes encrypted by the Apple T2 chip, the best practice would be to acquire the hard drive data while still internal to the system that encrypted it.

Database Integration
- The database schema utilized by the 7.2.x release is backwards compatible with the database schema of version 7.1.x. Therefore, FTK, AD Lab, and AD Enterprise 7.2.x can be configured to integrate with the AccessData eDiscovery or Summation v7.1.x application database as needed.

Evidence Image Exports
- Support for exporting to L01 format is now available. (FC-47)

Processing
- ABBYY is now integrated as an optical character recognition (OCR) engine. (FC-38 / FC-263)
Note: Quin-C Server must be running to run ABBYY OCR jobs. ABBYY jobs submitted in FTK at a time when the Quin-C server service is not running will be queued and no progress will be displayed in the processing status window.
- Information on all system browser cookies is now aggregated into a node found on the “System Information” tab. (FC-251)

Registry Viewer Reports
- Registry Viewer reports have been updated to include registry keys from newer versions of Windows 10. (FC-54)

Viewer
- The old version of the Natural >> Web view tab has been restored to the list of content viewers. You can now toggle between the new Web (HTML5) tab view and the old Web view as appropriate. (FC-204)

The following items have been fixed in this release:

Exports
- System Information Tab data now exports to a properly formatted XML file. (FC-52 / FC-161)
- Exports to Browser Briefcase in CoolHTML format have been fixed. (FC-282)
- Resolved issue where Browser Briefcase export in XML format was not being generated. (FC-325)

Search
- “Files created between” date range index search option now returns expected results. (FC-120)

User Interface
- Fixed issue that caused FTK to crash when viewing certain SQLite DB files. (FC-128)
- Improved handling of search results pane after clicking the “CLEAR” option to remove previous live search results. (FC-123)
- Corrected issue that caused the Integrated Security setting to be automatically set to TRUE upon launching the application. (FC-158)
- Improved performance of application startup when using Network License Service (NLS). (FC-162)
- Fixed issue where custom column templates saved to your case could not be utilized by other cases. (FC-273)

Processing
- Improved parsing of long chat conversations from UFDR images. (FC-53)
- Improved processing of restore points (more than 31 (FC-64)
- Improved evidence path handling of cases with expanded Volume Shadow Copies (Restore Points) in the “Add / Remove Evidence” dialog. (FC-64)
- Improved recognition of evidence images containing exFAT file systems. (FC-156)
- Improved handling for certain UFDR image processing. (FC-159)
- Processing error that resulted in “Failure: Post-Processing: PopulateQuinCFamily failed” message now displays the correct error. (FC-169)
- Improved parsing of OneNote files so that they can be properly rendered in the viewer. (FC-202)
- Improved display functionality of email subject lines when invalid characters are detected. (FC-215)
- Improved handling of APFS partition detection and decryption of certain APFS images. (FC-228 / FC-234)


FTK (Forensic Toolkit) is a court-cited digital investigations software tool built to help customers find relevant evidence faster, dramatically increase analysis speed and reduce backlogs.

FTK is intended to be a complete computer forensics solution. It gives investigators an aggregation of the most common forensic tools in one place. Whether you are trying to crack a password, analyze emails, or look for specific characters in files, FTK has got you covered. And, to sweeten the pot further, it comes with an intuitive GUI to boot.

There are a few distinguishing qualities that set FTK apart from the rest of the pack. First and foremost is performance. Subscribing to a distributed processing approach, it is the only forensic software that utilizes multi-core CPUs to parallelize actions. This results in a momentous performance boost; according to FTK’s documentation, one could cut case investigation time by 400% compared to other tools, in some instances.

Another unique feature of FTK is its use of a shared case database. Rather than having multiple working copies of data sets, FTK uses only a single, central database for a single case. This enables team members to collaborate more efficiently, saving valuable resources. The use of a database also provides stability; unlike other forensics software that relies solely on memory, which is prone to crashing if capacity exceeds limits, FTK’s database allows for persistence of data that is accessible even if the program itself crashes.

Robust searching speeds are another hallmark of FTK. Due to the tool’s emphasis on indexing of files up front, investigators can greatly reduce search times. FTK generates a shared index file, which means that you don’t need to duplicate or recreate files.

Doug White of Secure Technology provides a demo on forensic data carving using FTK on this tech segment.


Whether it’s for investigation, litigation or compliance, AccessData offers industry-leading solutions that put the power of forensics in your hands. For more than 30 years, AccessData has worked with more than 130,000 customers in law enforcement, government agencies, corporations and law firms around the world, providing both stand-alone and enterprise-class solutions that can synergistically work together. The company is backed by Sorenson Capital, a leading private equity firm focused on high-growth portfolios.

Product: Forensic Toolkit
Version: 7.2.0.4147 International
Supported Architectures: 32bit / 64bit
Website Home Page: https://accessdata.com/
Language: English
System Requirements: PC*
Supported Operating Systems: *
Size: 2.7 Gb

Windows Operating Systems Support
The following operating systems are supported:
- Windows 7
- Windows 10 Version 1709 (OS Build 16299.309) and 1809 (OS Build 17763.437)
- Windows Server 2012
- Windows Server 2016

Microsoft SQL Server Support
The following SQL databases are supported:
- SQL Server 2012
- SQL Server 2014
- SQL Server 2016

PostgreSQL Support
The following versions of PostgreSQL are supported:
- 9.6.3.5
- 11.2 (this is the version provided with the FTK installation files)
