±Forensic Focus Partners

Become an advertising partner

±Your Account


Username
Password

Forgotten password/username?

Site Members:

New Today: 0 Overall: 35745
New Yesterday: 2 Visitors: 118

±Follow Forensic Focus

Forensic Focus Facebook PageForensic Focus on TwitterForensic Focus LinkedIn GroupForensic Focus YouTube Channel

RSS feeds: News Forums Articles

±Latest Articles

±Latest Videos

±Latest Jobs

FTK 4

Forensic software discussion (commercial and open source/freeware). Strictly no advertising.
Reply to topicReply to topic Printer Friendly Page
Forum FAQSearchView unanswered posts
Page 1, 2  Next 
  

NEA_ICAC
Newbie
 

FTK 4

Post Posted: Feb 22, 12 00:42

I recently completed a clean on a FRED SR with Windows 7X64 and FTK 4. I am having a lot of problems getting this software to run. I had the same problem with 3.4 until tech support suggested I quit using PostgreSQL and started using Oracle again. I tried FTK4 with Oracle and there was no apparent way to install KFF.

The problem is when I start a new case I add the evidence and everything seems to be running great then the importing stopps and the indexing begins. Then the machine slows to a standstill. I was trying to add 2 drives over the weekend to a new case and it was only about 50% finished Monday morning.

I am running a FRED SR with dual raid dual 3.xx quad core processors and 32GB of ram.

Any help and or suggestions would be greatly appreciated.  
 
  

steve91386
Member
 

Re: FTK 4

Post Posted: Feb 22, 12 06:02

AccessData is currently doing a "World Tour" for the launch of FTK4. A week ago I attended the seminar they had in Boston and needless to say FTK4 was real buggy - even in their demonstrations.  
 
  

BitHead
Senior Member
 

Re: FTK 4

Post Posted: Feb 22, 12 08:56

And let me guess...when you called AccessData their support people had never heard of that problem before!  
 
  

hmorgan
Senior Member
 

Re: FTK 4

Post Posted: Feb 22, 12 16:17

Version 5 incoming !

Twisted Evil  
 
  

hydrocloricacid
Member
 

Re: FTK 4

Post Posted: Feb 23, 12 04:05

I have been using FTK4 and haven't had any issues although have been processing&indexing 60GB blocks of outlook PST's.

The first thing is to look to see if there are any resource bottlenecks slowing the process.
You have enough RAM so youcan'thave an issue there. hopefully you have ran the orajuster and allocated 40-60% of RAM to Oracle.

When I first started with FTK I had major issues because I didn't seperate the case files, database , temp folder and evidence to seperate HDD's. Processing would be very slow with the HDD light on solid. Getting a SSD and putting the DB and temp folder on that helped a lot. If you don't seperate the different files and have it all one one or two HDD's, the seek time for the HDD head's will be the bottleneck.

Have you had a look in the Resouce Monitor ? (can be found on the "performance" tab in task manager)
Is there any area in particular which seems to be slowing things down ?

I find when I process 200GB exchange EDB's that FTK's progress is quite slow with no apparent signs of what is slowing it down. CPU unilisation , RAM usage and HDD i/o are all minimal. Exporting to PST's seems to solve that. Instead of 4 weeks or more it takes about 4 days.  
 
  

jmburns27
Newbie
 

Re: FTK 4

Post Posted: Feb 27, 12 22:01

You have to download kff separately for oracle from their download page  
 
  

NEA_ICAC
Newbie
 

Re: FTK 4

Post Posted: Feb 27, 12 22:14

Tanks for all the replies, since my original post I have downloaded and installed Oracle for FTK 4. I am now able to process cases again. There are still some problems with wait chains when the "Processing host" is running and and this slows everything down. When everything is running smooth the processor usage is high (Above 70%) then when the processor usage drops below 10% I find there are several (4 or more) wait chains underneath the processing host.

Oracle does a much better job for me than PostgresSql.  
 

Page 1 of 2
Page 1, 2  Next