AccessData has announced the release of distributed processing capabilities with its Forensic Toolkit® 3.0.4 (FTK®) release. When analyzing digital evidence, investigators must process the captured data to break out compound files and index documents and email, so they can be searched effectively. Now, each FTK user can leverage up to four processing workers, one on the local examiner computer and three distributed computers…However, the enterprise-class solutions allow customers to scale out their distributed processing capabilities to leverage a centralized database and distributed processing farm. This allows them process terabytes of computer evidence in a fraction of the time it would take normally—without having to break the data into smaller batches to prevent their computers from crashing.
For example, in testing, AccessData processed a massive data set, including 62,649,383 items, of which there were well over 2 million emails and a total of 97,431 archive files that needed to be broken out. The compressed size of this data set was 1.28 terabytes. A data set this large would normally be divided into batches, with each batch being processed separately on stand-alone machines. This could take a month to process, using traditional tools, depending on the hardware used. However with AccessData’s distributed processing technology, it only took 6 days, 5 hours. After processing, the physical size of the resulting index alone was an impressive 800GB. Reducing the processing time of complex and large data sets by more than half is an invaluable capability for investigative organizations, federal agencies and corporations inundated with forensic analysis and eDiscovery case loads.
“This new capability will be integral in enabling investigative organizations at the state, local and federal level to get a handle on their overwhelming caseload,” said Brian Karney, COO of AccessData. Corporate, law enforcement and government investigators traditionally find themselves waiting for days to process data, in order to effectively search and analyze the evidence. Through the use of distributed processing, these investigators will be able to get to the analysis phase faster, thereby completing their investigations faster. Over the last few months this technology has been utilized by select organizations around the world, as AccessData worked to finalize its development, and today distributed processing is available to all AccessData customers. To view testing metrics and learn more about distributed processing, please visit: www.accessdata.com/processing
AccessData has pioneered digital investigations for more than twenty years, providing the technology and training that empower law enforcement, government agencies and corporations to perform thorough computer investigations of any kind with speed and efficiency. Recognized throughout the world as an industry leader, AccessData delivers state of-the-art computer forensic, network forensic, password cracking and decryption solutions. Its Forensic Toolkit® and network-enabled enterprise solutions allow organizations to preview, search for, forensically preserve, process and analyze electronic evidence. AccessData’s solutions address criminal and internal investigations, incident response, eDiscovery and information assurance. In addition, AccessData is a leading provider of digital forensics training and certification with its much sought after AccessData Certified Examiner® (ACE®) program. For more information on AccessData visit www.accessdata.com.