Forensic Toolkit Explained

Forensic Toolkit, or FTK, is computer forensics software originally developed by AccessData, and now owned and actively developed by Exterro. It scans a hard drive looking for various information.^[1] It can, for example, potentially locate deleted emails^[2] and scan a disk for text strings to use them as a password dictionary to crack encryption.^[3]

FTK is also associated with a standalone disk imaging program called FTK Imager. This tool saves an image of a hard disk in one file or in segments that may be later on reconstructed. It calculates MD5 and SHA1 hash values and can verify the integrity of the data imaged is consistent with the created forensic image. The forensic image can be saved in several formats, including DD/raw, E01, and AD1.^[4]

External links

AccessData Forensic Toolkit (PDF)

Notes and References

1. Web site: Secure Passwords Keep You Safer. Schneier. Bruce Schneier. Bruce. 2007-11-01. Wired. 3. 2009-01-12.
2. Dixon. Phillip D.. December 2005. An overview of computer forensics. IEEE Potentials. IEEE. 24. 5. 8. 0278-6648. 2009-01-12. 10.1109/mp.2005.1594001. 25462454. 2016-03-03. https://web.archive.org/web/20160303213205/http://www.phillipdixon.net/PDForensics.pdf. dead.
3. Casey. Eoghan. Fall 2002. Practical Approaches to Recovering Encrypted Digital Evidence. International Journal of Digital Evidence. Economic Crime Institute, Utica College. Utica, New York. 1. 3. 12. 1938-0917. 2009-01-12. https://web.archive.org/web/20131102054557/http://www.digital4nzics.com/Student%20Library/Practical%20Approaches%20to%20Recovering%20Encrypted%20Digital%20Evidence.pdf. 2013-11-02. dead.
4. Web site: FTK Imager User Guide v4.3.0. https://web.archive.org/web/20210419150238/https://ad-pdf.s3.amazonaws.com/Imager/4_3_0/FTKImager_UG.pdf. 2021-04-19. 2020-10-08. January 28, 2020. dead.