In our tool eval team, we are researching and evaluating AccessData’s Forensic Toolkit. This program advertises itself as an all encompassing tool for extracting, analyzing, and compiling digital evidence into a readable format that is acceptable for use in a court of law. Our primary goal is to understand FTK in every aspect possible, with preference given to the searching and efficiency aspects of its use.Current Progress
Over the past month, we spent a significant amount of time familiarizing ourselves with online FTK manuals and tutorials. We felt it was important to understand exactly which functions and features would help digital investigators the most before trying to run data through FTK’s systems. When we felt we were proficient in our knowledge, we set up our virtual machine with support from the LCDI helpdesk.
More recently, we have been participating in a multi-team effort to generate test data. To do this, we recreated digital footprints of a professor killing another for tenure. We knew that we had to make our test data as realistic as possible, so we threw searches of jazz musicians and golf tournaments into our fictional professor’s data stream. We plan to sift through the test data in Forensic ToolKit to discern how reliable the program is at catching criminal data in a stream of normal internet browsing.
We have been documenting our shift-to-shift progress on a website with updates in a shorter bullet point format. Along with the website, we have created and started maintenance of our twitter handle, @FTKToolEvalLCDI. We have also been researching any and all aspects of FTK that remain beyond the scope of our knowledge. This is a rather time consuming process, made much more difficult by the lack of guides and videos online. Regardless, we appear to be on track for a timely end to this project.Conclusion
We have already accomplished a lot, but still have a long way to go. Once we get our data gen back, we can begin benchmark tests and can report with more hard data. Getting everything set up on the virtual machine was a small hurdle that we overcame. We are eager to continue our progress and report back with more concrete data on FTK.
After we complete our research, we plan to compare statistics of multiple digital forensic programs, such as Encase and Autopsy, to FTK. Our hope is to provide an accurate comparison of digital forensic tools so digital investigators all over the world can have accurate knowledge and preparation in their own ventures.
To learn more about this and other blogs of the LCDI visit us here: LCDI Blog.
Stay in the loop on our current and upcoming projects and events by following us on Facebook, Twitter, or Instagram.
The post FTK Tool Evaluation Update appeared first on The Leahy Center for Digital Investigation.