AccessData Corp. to Create the Next-Generation Forensic Toolkit

AccessData Corp., a leader in digital forensic software solutions, today announced that as a member of the Oracle(R) PartnerNetwork, it will provide customers with a new dynamic and adaptive tool for digital forensics. The next generation of Forensic Toolkit, FTK 2.0, currently in the final stages of development, will be based on the Oracle Database 10g, giving it unmatched ability to process data and better serve its clients by delivering critical information in minutes or hours, rather than days…

DNA and fingerprints have proven effective tools in finding suspects in crimes. Computers are proving to be equally effective when trace evidence found on a suspect’s device implicates them in a crime. What crimes involving digital evidence have in common is the vital importance of an expeditious and thorough recovery of the evidence from the offender’s digital devices, ranging from personal computer hard drives to thumb drives to large portable drives. Experienced investigators understand the importance of their task and the need for a proficient tool to assist them in their investigations.

Forensic Toolkit is recognized as a leading solution used by law enforcement, as well as corporate investigators, in facing the rapidly expanding field of digital forensics. The number of digital investigations is expected to double each year through 2007, according to Gartner Research. And IDC, a market research firm in Framingham, Mass., projects that the market for IT forensics will increase sharply, from $310 million in 2005 to $634 million by 2009.

As a member of the Oracle PartnerNetwork, AccessData will provide customers with an integrated solution that will help increase the investigator’s ability to find evidence, allowing organizations to quickly react to high-risk situations that occur from the inside. Additionally, the integration will help reduce the effort involved in combing through hundreds of thousands of files to find the one piece of evidence necessary to cinch the case.

AccessData’s next-generation solution will allow customers to:

– Access multiple views on the same case.

– Have multiple examiners share case bookmarks and notes.

– Adjust the order of evidence preprocessing and index building.

– Define their hierarchical view of file categories.

– Have different implementation editions for varying levels of users.

Eric Thompson, CEO of AccessData, said, “We are excited to leverage the strength of our relationship with Oracle to help meet customer demand. The scalability, stability and performance that AccessData’s software delivers on Oracle Database 10g are major factors that will help make this offering an industry-leading solution.”

About the Oracle PartnerNetwork

Oracle PartnerNetwork is a global business network of 16,000 companies who deliver innovative software solutions based on Oracle software. Through access to Oracle’s premier products, education, technical services, marketing and sales support, the Oracle PartnerNetwork program provides partners with the resources they need to be successful in today’s global economy. Oracle partners are able to offer customers leading-edge solutions backed by Oracle’s position as the world’s largest enterprise software company. http://oraclepartnernetwork.oracle.com

About AccessData

AccessData Corp., a pioneer in the forensic computing industry, provides the tools and training to empower examiners at the local, state and federal levels, as well as corporations, to perform thorough investigations with speed and efficiency. AccessData has led the forensic computing industry with its password cracking and decryption technology for more than 18 years. In addition, during the late 1990s, AccessData expanded its offering to include the Forensic Toolkit (FTK), which enables investigators to analyze electronic files for evidence including any cracked or decrypted files. AccessData is a recognized leader in the field of digital forensics training and certification with its AccessData Certified Examiners program (ACE), ensuring forensic examiners worldwide follow established standards and guidelines. For more information on AccessData visit www.accessdata.com.

Oracle, JD Edwards, PeopleSoft, and Siebel are registered trademarks of Oracle Corp. and/or its affiliates.
