viewing user profiles in a static image

11 Posts
7 Users
0 Reactions
1,854 Views
erowe
(@erowe)
Estimable Member
Joined: 18 years ago
Posts: 144
 

I'm not sure if this is the kind of information you need, but on live machines (read: servers and other machines that I am not shutting down) these are a couple of tools that I use to determine user access to particular files:

• Net share
• Perms
• Cacls
• Accesschk
• Srvcheck

Accesschk.exe (a Windows Sysinternals tool), which displays a user's NTFS permissions to resources, may be the sort of thing you are looking for.

An example of the command line to recursively (-s) find which directories (-d) the user "dsmith" had write (-w) access to under the C drive would go something like:

accesschk -w -d -s dsmith c:\*

The output would be a listing of all the directories the user had write access to (preceded by a w). The same type of listing could be done for files.

Other interesting tools to determine user access rights on live systems are cacls, perms, srvcheck, and net share. Some of them, as you can probably guess by their names, determine share access, not just NTFS permissions.

Since you have an image, you may want to set it up to run on a virtual machine and try running accesschk to get a list of the files or folders that the user you are investigating had access to. If the relevant evidence is found in one of those folders, then you have your answer as to whether the user could access it (assuming that that is what you need to discover).

As for FTK and EnCase, a colleague of mine seems to recall being told while he was attending bootcamp that one could do this in FTK 2; however, he doesn't remember being shown how. Might be something to look into.

As for group membership and user info, some useful tools would be:

• Dsget user
• Dsget group
• Dsquery user
• Dsquery group
• Net user
• Net localgroup
• Net group

Net localgroup is probably the more useful command for what you appear to be looking for.

(Interestingly enough, tools like Cofee are a front-end for precisely these tools.)

Just a thought.

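The commands named in the post above, wrapped as a collection script for a virtual machine booted from a working copy of the image. This is an added example, not part of the original post; accesschk.exe on the PATH, PowerShell 4 or later, and the output folder are assumptions.

```powershell
# Added example: run inside the VM booted from a working copy of the image.
# Assumptions: accesschk.exe is on PATH, PowerShell 4+ (for Get-FileHash),
# and $OutDir is a hypothetical folder on a separate evidence volume.
param(
    [string]$User   = 'dsmith',
    [string]$Root   = 'C:\',
    [string]$OutDir = 'E:\case\access'
)

$stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
New-Item -ItemType Directory -Force -Path $OutDir | Out-Null

function Save-Output {
    param([string]$Name, [scriptblock]$Command)
    $path = Join-Path $OutDir "$Name-$stamp.txt"
    # Keep stderr too, so access-denied messages stay in the record
    & $Command 2>&1 | Out-File -FilePath $path -Encoding utf8
    $path
}

$files = @(
    # -w write access, -d directories only, -s recurse (flags from the post)
    Save-Output "$User-writable-dirs"  { accesschk.exe -accepteula -w -d -s $User $Root }
    # Same query without -d, so files are listed as well
    Save-Output "$User-writable-files" { accesschk.exe -accepteula -w -s $User $Root }
    # Account details, including local group memberships
    Save-Output "$User-net-user"       { net user $User }
    # All local groups and all shares defined on the machine
    Save-Output 'net-localgroup'       { net localgroup }
    Save-Output 'net-share'            { net share }
)

# Hash each result file so later copies can be checked against the originals
$files | ForEach-Object { Get-FileHash -Algorithm SHA256 -Path $_ } |
    Select-Object Hash, Path |
    Export-Csv -NoTypeInformation -Path (Join-Path $OutDir "hashes-$stamp.csv")
```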