Notifications
Clear all

FTK 6

7 Posts
5 Users
0 Likes
886 Views
(@scotty)
Posts: 2
New Member
Topic starter
 

Hello everyone!

We are trying to decide if we want to upgrade to FTK 6 or stick with what we got. Is anyone here using FTK 6 or have heard about other's experiences with FTK 6? Thanks in advance!

 
Posted : 05/12/2015 3:27 am
jhup
 jhup
(@jhup)
Posts: 1442
Noble Member
 

We have FTK 6 (and EnCase 7, X-Ways 18, and Autopsy 4). In my opinion, it is more stable than EnCase 7. It has less "new" things than one would expect from such version change.

At this point, if I wanted to buy a "commercial forensics Swiss knife" product, I would go with X-Ways.

I know labs that switched away from FTK and EnCase, and went with X-Ways & training and Autopsy, and it still costs them less.

It can now open Cellebrite images, and slight reduction of steps for processing.

A quick note regarding upgrades. I would not upgrade, but uninstall completely and install new version. We had quite a lot of issues with the database, crashes and just not functioning properly.

 
Posted : 05/12/2015 8:17 am
(@sgreene2991)
Posts: 77
Trusted Member
 

It can now open Cellebrite images, and slight reduction of steps for processing.

This piece doesn't really do what they advertise. It'll open, but it won't give you nearly the amount of information that you would normally get with the UFDR Reader. The encoding of the image is different and they haven't quite figured out how to make it all work properly. Also, the only Cellebright files it will handle are .ufdr, everything else it won't know what to do with.

 
Posted : 08/12/2015 3:45 am
(@scotty)
Posts: 2
New Member
Topic starter
 

Thanks for the info!

I know labs that switched away from FTK and EnCase, and went with X-Ways & training and Autopsy, and it still costs them less.

I would like to switch to X-Ways myself, but we need the more user friendly interface so some non-forensic people can look at the case as well. It's pretty much the only reason we use FTK at this point.

A quick note regarding upgrades. I would not upgrade, but uninstall completely and install new version. We had quite a lot of issues with the database, crashes and just not functioning properly.

Thanks for the heads up! We'll probably keep a couple of stations running the old FTK just in case we need to resurrect cases.

It'll open, but it won't give you nearly the amount of information that you would normally get with the UFDR Reader. The encoding of the image is different and they haven't quite figured out how to make it all work properly.

I've noticed that with cell phones especially, it's good practice to use multiple tools to read the results. Sometimes CelleBrite doesn't do as good of a job parsing out the image file they dump for some reason.

 
Posted : 14/12/2015 8:18 pm
(@bithead)
Posts: 1206
Noble Member
 

Thanks for the info!I would like to switch to X-Ways myself, but we need the more user friendly interface so some non-forensic people can look at the case as well. It's pretty much the only reason we use FTK at this point.

X-Ways Investigator, based on X-Ways Forensic, has a simplified interface. It is worth a look.

Thanks for the heads up! We'll probably keep a couple of stations running the old FTK just in case we need to resurrect cases.

The new version will open cases created in older versions of the program. Changes in the database and KFF server make a fresh install a cleaner solution.

 
Posted : 15/12/2015 7:07 am
(@sgreene2991)
Posts: 77
Trusted Member
 

It'll open, but it won't give you nearly the amount of information that you would normally get with the UFDR Reader. The encoding of the image is different and they haven't quite figured out how to make it all work properly.

I've noticed that with cell phones especially, it's good practice to use multiple tools to read the results. Sometimes CelleBrite doesn't do as good of a job parsing out the image file they dump for some reason.

I absolutely agree, but here's the issue I ran into.

I had a Cellebrite file sent to me by another company. I loaded it into FTK 6 figuring I could look at it just fine. All I got back was a mess of code that made no sense and no actual files were parsed out. So I then used a version of UFED Reader, which opened it just fine and parsed out files. Hoping it was a one off I tried it again with a different UFED image, same result.

It's really just a misleading advertisement (kind of), it can OPEN the file as advertised, but as for browsing the image that isn't happening with this version. Even AccessData tech support couldn't even figure it out (which is reassuring).

 
Posted : 17/12/2015 4:27 am
EricZimmerman
(@ericzimmerman)
Posts: 222
Estimable Member
 

watch the forensics lunch where FTK 6 is talked about with Tim L from AD. more of the same in v6 it looks like

 
Posted : 17/12/2015 10:45 pm
Share: