AccessData Releases New Version Of AD Enterprise

Software product for managing forensic investigations across the enterprise, featuring new enhanced post-breach analysis capabilities, is the only tool to collect all complex data types at the endpoint.

AccessData Group today announced the release of AD Enterprise 6.5, a new version of its robust software tool for managing internal forensic investigations and post-breach analysis.


The new release features enhancements to the software product’s existing post-breach analysis capabilities, including more thorough “memory analysis” searches for malware, targeted data preview and collection of all complex data types directly at the user endpoint, and improvements to the user interface that streamline investigations.

“AD Enterprise 6.5 provides even deeper visibility into data so organizations can investigate the causes and potential implications of a data breach, then act swiftly to conduct their post-breach analysis and execute crucial response actions,” said Tod Ewasko, Director of Product Management at AccessData. “This is the only solution in the marketplace that can perform comprehensive end-to-end post-breach forensic investigations within a single tool by collecting all sorts of complex data types directly at the endpoint. Unlike other solutions, no third-party software or complex scripting languages are needed in conjunction with AD Enterprise to manage the network investigation and post-breach analysis.”


AD Enterprise is one of the industry’s leading software platforms for managing large-scale forensic investigations. The product gives deep visibility into data residing on enterprise networks and employee devices so that IT executives and information security professionals can work with digital forensics experts to investigate possible employee wrongdoing, fact-check a whistleblower’s claims, respond to government inquiries or conduct post-breach analysis.

Highlights of AD Enterprise 6.5 include:

Live memory analysis — Enhanced searching capabilities enable users to conduct more thorough “memory analysis” in the aftermath of a breach, identifying possible malware that has been left behind on the network, which improves the speed of the response and reduces chain of custody risk during the investigation.

Targeted preview and collection — A remote agent deployed by the software product enables the preview of live data at the endpoint, anywhere across the enterprise, so investigators can then determine what data should be collected. This saves time as well as storage costs, since only data critical to the case needs to be pulled back and ingested into the tool for analysis.

Tasking collaboration among investigators — Built-in collaboration features enable investigators to communicate with each other and across departments to share notes, tasks, and escalate incidents, directly within the product.

Parsing additions — The addition of several new parsers helps investigators analyze even more data types. A few of the new parsers include Windows registry activity, several SSH Parsers, Net Logon events, and parsers for Android™ including Google™ Hangouts, Kik, contacts from address books, calendars, SMS and call logs.

AccessData has been previewing the latest features with its clients throughout the development process to ensure the new enhancements will address their post-breach analysis needs.

“I have been impressed with the responsive development culture of AccessData, particularly with the recent release of AD Enterprise 6.5,” said Thomas Jenkins, senior incident response engineer with a Fortune 500® utility company. “AccessData has taken the time to really understand their clients’ challenges and build enhancements into the product that will address those specific concerns. Having such a robust feature set in a single solution will significantly improve our post-breach analysis efforts and speed our investigations.”

For more information about AD Enterprise 6.5, please go to https://accessdata.com/products-services/ad-enterprise.

About AccessData®

Whether it’s for investigation, litigation or compliance, AccessData® offers industry-leading solutions that put the power of forensics in your hands. For more than 30 years, AccessData has worked with more than 130,000 customers in law enforcement, government agencies, corporations and law firms around the world, providing both stand-alone and enterprise-class solutions that can synergistically work together. The company is backed by Sorenson Capital, a leading private equity firm focused on high-growth portfolios. For more information on AccessData, please go to www.accessdata.com.


Latest Videos

Quantifying Data Volatility for IoT Forensics With Examples From Contiki OS

Forensic Focus 22nd June 2022 5:00 am

A Systematic Approach to Understanding MACB Timestamps on Unixlike Systems

Forensic Focus 21st June 2022 5:00 am

File timestamps are used by forensics practitioners as a fundamental artifact. For example, the creation of user files can show traces of user activity, while system files, like configuration and log files, typically reveal when a program was run.

Despite timestamps being ubiquitous, the understanding of their exact meaning is mostly overlooked in favor of fully-automated, correlation-based approaches. Existing work for practitioners aims at understanding Windows and is not directly applicable to Unix-like systems.

In this paper, we review how each layer of the software stack (kernel, file system, libraries, application) influences MACB timestamps on Unix systems such as Linux, OpenBSD, FreeBSD and macOS.

We examine how POSIX specifies the timestamp behavior and propose a framework for automatically profiling OS kernels, user mode libraries and applications, including compliance checks against POSIX.

Our implementation covers four different operating systems, the GIO and Qt library, as well as several user mode applications and is released as open-source.

Based on 187 compliance tests and automated profiling covering common file operations, we found multiple unexpected and non-compliant behaviors, both on common operations and in edge cases.

Furthermore, we provide tables summarizing timestamp behavior aimed to be used by practitioners as a quick-reference.

Learn more: https://dfrws.org/presentation/a-systematic-approach-to-understanding-macb-timestamps-on-unixlike-systems/
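The abstract above describes profiling file operations and checking the resulting MACB behaviour against what POSIX specifies. The following is an added illustration of that idea in Python, not the paper's released framework (whose code is not on this page): it runs a few operations on a scratch file, records which of M, A and C changed, and flags deviations from a small rule table. The rule table (POSIX_RULES), the operation names and the 0.1 s spacing are my own assumptions, and the script assumes a POSIX system.

```python
import stat
import tempfile
import time
from pathlib import Path

def macb(path):
    """Snapshot the M, A and C timestamps of path in nanoseconds (Linux stat() exposes no B)."""
    st = path.stat()
    return {"M": st.st_mtime_ns, "A": st.st_atime_ns, "C": st.st_ctime_ns}

# Timestamps POSIX "marks for update" on the file itself (parent-directory updates are not checked).
# A is unchecked on purpose (noatime/relatime mounts suppress it); for rename, C is only reported,
# because Linux updates it although POSIX does not require that. Assumed rule table, not the paper's.
POSIX_RULES = {
    "write": {"must_change": {"M", "C"}, "must_keep": set()},
    "chmod": {"must_change": {"C"}, "must_keep": {"M"}},
    "rename": {"must_change": set(), "must_keep": {"M"}},
}

def check_posix(op, changed):
    """List POSIX violations for op given the timestamps observed to change ([] for profile-only ops)."""
    rule = POSIX_RULES.get(op, {"must_change": set(), "must_keep": set()})
    out = [f"{op}: {t} not updated" for t in sorted(rule["must_change"] - changed)]
    out += [f"{op}: {t} updated but must be kept" for t in sorted(rule["must_keep"] & changed)]
    return out

def apply_op(name, path):
    """Apply one file operation to Path path and return the Path the file now lives at."""
    if name == "write":
        with path.open("a") as f:
            f.write("more constructed data\n")
    elif name == "read":
        path.read_bytes()
    elif name == "chmod":
        path.chmod(stat.S_IRUSR | stat.S_IWUSR)
    elif name == "rename":
        path = path.rename(path.with_name("moved.txt"))  # rename() returns the new Path (3.8+)
    return path

def profile(ops=("write", "read", "chmod", "rename")):
    """Run ops in order on a scratch file, recording which timestamps changed and any POSIX violations."""
    results = []
    with tempfile.TemporaryDirectory() as d:
        path = Path(d) / "sample.txt"
        path.write_text("constructed sample\n")  # constructed sample file, nothing from the page
        for name in ops:
            time.sleep(0.1)  # outlast coarse kernel timestamp granularity so real changes are visible
            before = macb(path)
            path = apply_op(name, path)
            after = macb(path)
            changed = {k for k in before if before[k] != after[k]}
            results.append({"op": name, "changed": changed, "violations": check_posix(name, changed)})
    return results
```

Whether "read" changes A depends on the mount's atime policy, which is exactly the kind of layer-dependent behaviour the abstract refers to; run profile() on the file systems you investigate and compare the changed sets.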
