The document is a brochure describing the key features and benefits of Forensic Toolkit (FTK), a digital forensics investigation software. FTK provides comprehensive tools to conduct investigations faster and more effectively, with features like distributed processing, evidence visualization, and interoperability with other AccessData solutions. It allows processing of large amounts of data from multiple sources and filtering of relevant evidence more quickly than other tools.

1. Zero in on Relevant Evidence Faster.
FTK is recognized around the world as the standard in digital
forensic investigation solutions.
BROCHURE
Forensic Toolkit®
(FTK®
)

2. www.AccessData.com © 2014 AccessData Group
Key Features
Easy-to-use GUI with automated
pre-processing of forensic data.
Fully interoperable with Mobile
Phone Examiner Plus (MPE+),
Summation and the entire suite of
AccessData solutions.
Interoperability with mobile device,
e-discovery and cyber security
solutions.
The Broadest OS Support and
Analysis on the market.
Advanced filtering and automated
data categorization.
Do it all. Preview, acquisition,
mounting and analysis of live data.
Flexibility. Available as a perpetual
or subscription license.
Native support for Volume Shadow
Copy.
Comprehensive volatile memory
analysis.
Add-on Cerberus for automated
malware analysis and triage.
Password cracking through
PRTK/DNA.
Visualization capabilities allow
graphic analysis of file and email
data.
Geolocation allows various types of
data to be shown geographically on
a map—even offline!
Powerful index search engine with
regular expression.
World-class training.
FTK provides you with an entire suite of investigative
tools necessary to conduct digital investigations
smarter, faster and more effectively.
FTK provides you with and entire quite of investigative tools necessary to
conduct digital investigations smarter, faster and more effectively. It allows
you to quickly establish case facts through innovative and market leading
features such as distributed processing, collaborative case analysis, and
evidence visualization reports and more; all in one single comprehensive
solution. It provides innovative and integrated features to support data
processing integrity, speed and analysis depth.
Reduce case backlogs by zeroing in on relevant
evidence faster.
Case backlogs are only getting bigger. There just isn’t enough time
or resources to process the data that needs to be examined in each
specific case. FTK is built for speed, stability and ease of use, providing
comprehensive data processing and indexing up front, so filtering and
searching is faster than with any other product on the market. This
equates to an increase in analysis speed allowing you to obtain actionable
intelligence much quicker. Additionally, large digital forensic investigation
entities can easily upgrade FTK to expand the processing capacity and
incorporate web-based case management and collaborative analysis to
minimize caseload through division of labor in AD Lab.
Take Control of Big Data
The use and variety of both computer and other digital devices has grown
exponentially. All criminal cases today involve massive amounts of digital
evidence from many different sources. FTK’s mature database-driven,
enterprise-class architecture allows you to handle and make-sense of these
massive data sets through processing stability and data visualization not
available with other tools. With FTK, you can easily separate relevant data
from the trivial and easily explain those nuances to colleagues, attorneys/
barristers and jurors. Furthermore, FTK is the only solution on the market
that is purpose built to interoperate with the entire portfolio of AccessData’s
solutions to help you overcome challenges attributed to mobile device
usage, BYOD, e-discovery, and cyber security.
With FTK and AD Lab, we are able to
quickly train investigators to use the
interface and collaborate on early
case assessment. This frees up highly
qualified digital forensics analysts to
focus on analysis.
Major Keith Miller, Officer Commanding, Service
Police Crime Bureau, Royal Military Police (fmr.)

3. © 2014 AccessData Group www.AccessData.com
Key Benefits
INTEGRATED COMPUTER FORENSIC SOLUTION
FTK allows users to create images, process wide range of data types from forensic images to
email archives and mobile devices, analyze the registry, decrypt files, crack passwords, and
build reports, all within a single solution examiners in distributed labs can work together on the
same case.
UNMATCHED PROCESSING
FTK utilizes distributed processing and is the only forensics solution to fully leverage multi-
threaded/multi-core computers. While other forensics tools waste the potential of modern
hardware solutions, FTK is able to use 100% of its hardware resources. e on the same case at
the same time, utilizing a division-of-labor approach.
HANDLE MASSIVE DATA SETS WITHOUT CRASHING OR LOOSING WORK
While other products can run out of memory and slow or crash during processing, FTK is
database driven with a modular architecture that provides the stability necessary to handle
data sets of nearly any size.
FEATURE RICH OUT OF THE BOX
FTK is far and away the best value on the market given features like visualization; explicit image
detection (EID), password cracking and remote machine analysis all included at a single price
point.
FAST, COMPREHENSIVE INDEX AND BINARY SEARCHING
By processing and indexing data up front and leveraging the powerful dtSearch engine, as well
as a full-featured regular expression engine, FTK produces fast and accurate results.
FILE AND DISK ENCRYPTION SUPPORT
With proper credentials you can decrypt technologies, such as BitLocker, Credant, SafeBoot,
Utimaco, PGP, Guardian Edge, Sophos Enterprise and S/MIME and more. FTK can also decrypt
hundreds of file types. It will decrypt files during processing with passwords you provide, or you
can select encrypted files within FTK and send them to the built-in Password Recovery Toolkit®
(PRTK/DNA) module for password recovery.
ADVANCED GALLERY VIEW FOR IMAGES AND VIDEO WITH EID
Quickly identify critical image and video files. In addition FTK identifies sexually explicit images
automatically, which is an invaluable feature for law enforcement. It not only recognizes flesh
tones, but shapes and image orientations that could be pornographic in nature.
MICROSOFT® PhotoDNA®
Supports Microsoft PhotoDNA which creates a unique signature for a digital image, like a
fingerprint, that can be compared with the signatures of other images to find copies and
variations of images of interest.
SUPERIOR EMAIL ANALYSIS
FTK supports a wide array of email types, including Notes NSF, Outlook PST/OST, Exchange
EDB, Outlook Express® DBX, Eudora, EML (Microsoft Internet Mail, Earthlink®, Thunderbird®,
Quickmail®, etc.), Netscape®, AOL® and RFC 833.
SINGLE-NODE ENTERPRISE (REMOTE INVESTIGATION)
Preview, acquire and analyze hard drive data, peripheral device data, and volatile/memory data
from remote systems on your network.

4. LEARN MORE: www.AccessData.com
GLOBAL HEADQUARTERS
+1 801 377 5410
588 West 300 South
Lindon, Utah
USA
NORTH AMERICAN SALES
+1 800 574 5199
Fax: +1 801 765 4370
sales@accessdata.com
INTERNATIONAL SALES
+44 20 7010 7800
internationalsales@accessdata.com
VOLATILE AND MEMORY ANALYSIS
Enumerate all running processes, even those hidden by rootkits, and display associated DLLs,
network sockets and handles in context. Search memory, automatically map hits back to a
given process, DLL or piece of unallocated space, and dump the corresponding item. VAD tree
analysis exposes registry artifacts in memory, parsing and displaying handle information.
(Supports Windows® 32- & 64-bit, Apple®, UNIX® and Linux®)
INTERNET ARTIFACT ANALYSIS
FTK provides broad browser support with SQLite parsing and includes 40 Internet artifact
carvers for popular web applications, including Facebook, Google Drive (“Docs”), Google Chat,
ICQ 7M, Skype, DropBox, Torrent and many, many more.
BROAD SUPPORT AND OS ANALYSIS
Recognized for its superior analysis of iOS® machines, FTK supports B-Trees, .PLISTs, SQLite
databases, .JSON files and .DMG and .DD disk images.
DATA VISUALIZATION FOR AUTOMATED TIMELINE CONSTRUCTION AND SOCIAL ANALYSIS
There is no need to rely on third-party tools to see visual relationships within data! The
Visualization technology in FTK displays your data in timelines, cluster graphs, pie charts,
geolocation and more.
MALWARE TRIAGE & ANALYSIS
Available as an add-on to FTK, Cerberus allows you to determine the behavior
and intent of suspect binaries, giving you actionable intelligence without having
to wait for a malware team to perform deeper, more time consuming analysis.