Forensic Toolkit (FTK) is a complete platform for digital investigations, developed to assist professionals working in the information security, technology, and law enforcement sectors.
Through innovative technologies used in its filters and indexing engine, the evidence relevant to an investigation can be accessed quickly, dramatically reducing the time needed to perform the analysis.
This chapter will cover the first steps needed to install and configure the FTK tool.
Forensic digital investigations include the following processes:
Preparation
Acquisition and preservation
Analysis
Reports and presentation
These processes will be discussed in more detail in Chapter 4, Working with FTK Forensics, with the use of the FTK forensics and enterprise editions.
Computer forensics tools need to be kept up to date to address issues such as the increasing size of hard drives and the use of encryption, in order to reduce the time needed to perform data acquisition and analysis.
AccessData has two versions of the platform:
FTK forensics: This version of FTK, which will be covered in this book, can perform the acquisition and analysis of digital devices such as computer hard drives, USB drives, flash memory devices, smartphones, tablets, and other digital media. Its approach is related to a process called post-mortem computer forensics, which takes place after the computer has been powered down.
AD Enterprise: In general, AD Enterprise has the same features as the FTK forensics version plus the ability to analyze multiple computers across your company simultaneously. Another important feature of this version is the ability to acquire and analyze volatile data, such as RAM. The investigation process is totally confidential, and the investigated user will not be aware of the analysis, even if it is done through the network and with the target equipment in use.