Problems with FTK V5

14 Posts
4 Users
0 Reactions
1,555 Views
(@scottyxx)
Active Member
Joined: 15 years ago
Posts: 13
 

I ended up completely removing all Postgres-related files - this was a bit of a manual effort. Removing all FTK installs, and through trial and error installing different versions, until I got a stable one. I am currently on V5.5 64-bit. It seems to work, but it does crash on big cases. Currently only have 3 active cases in my install, as I am worried about another crash and losing everything.

Wish I had more to add for the amount of time I spent trying to get this to work, but I don't.


   
BraindeadVirtually
(@braindeadvirtually)
Estimable Member
Joined: 17 years ago
Posts: 115
 

Did the complete wipe, software still crashes.

I have a multi-drive setup within one machine, i.e. one drive is on the operating system, one drive has FTK, one drive has POST. Machine is an i7… drives are 7200 or SSD. Plenty of space available.

I am guessing FTK is not very well designed for one computer use. Perhaps it does better in a network setting.

Be sure that you followed this to the letter https://support.accessdata.com/hc/en-us/article_attachments/201869438/AD_FTK_System_Specifications_Guide_v5.6.pdf

How much is 'plenty' of space? I have seen countless examples where ADTemp was unexpectedly on a C drive with maybe 80GB of space, trying to expand and index numerous huge PSTs or whatever it might be. FTK all on one disk might not be a good setup for performance - but if you are doing that I would recommend a minimum of 800GB of fast space, not knowing what you are trying to ingest - you might get away with 300-500GB. Ideal is 2+ SSDs in RAID 0 for speed.

FTK does better on individual workstations, since that's what it's designed for. Scaling up to include DB servers can significantly increase performance if it's implemented properly - but again I've seen some shocking setups with flaky networks. Guess what happens when it's trying to perform an enormous number of reads/writes to its DB and the network flakes out?

What is perfmon showing you when the problems hit? You will almost certainly find that one or more areas of resources are getting overloaded - disk queues possibly. Last but not least, which logs have you interrogated? Case logs are good, %systemroot%\Program Files\AccessData\FTK or somewhere like that might have more.


   
(@fsuforensics)
Active Member
Joined: 10 years ago
Posts: 6
Topic starter  

TBs of space… and let me add, FTK is on one disc, the evidence cache is going to another.

I will check the ADTemp.

Perfmon is showing signs of what I would consider a memory leak during processing. CPU is at 00, yet the memory usage keeps going up up up until FTK crashes. Happens over and over, even if I separate out carving, indexing, etc… and it happens so randomly and often over different hard drives, I do not have a pattern of specific tasks.


   
BraindeadVirtually
(@braindeadvirtually)
Estimable Member
Joined: 17 years ago
Posts: 115
 

So roughly how much evidence are you adding in one go? How many items in your case when it starts going wonky?

At this stage I'd be adding evidence in small batches to see if it goes wrong at a particular item - maybe some encryption or something it is just locking up / leaking memory on.

Is there another workstation available to compare/contrast?


   