AccessData’s AD Enterprise Automates Early Data Collection

Company also rolls out new versions of FTK and AD Lab with enhancements that leverage machine learning to speed up forensics investigations.

AccessData Group today announced the release of AD Enterprise 7.1, a new version of its software for managing internal forensic investigations and post-breach analysis that contains first-to-market integration with cybersecurity platforms to automate the early stages of data collection.

“When your company’s data has been breached, it is critical to maximize the speed of your incident response and conduct rapid preservation of electronic evidence, all while minimizing the impact on business operations,” said Tod Ewasko, vice president of technical engineering at AccessData. “The new version of AD Enterprise automates the previously time-intensive manual process of launching the investigative workflow. This is the first forensic investigation management software product to offer an API that integrates seamlessly with a company’s cybersecurity platform of choice to kick off a post-breach investigation from the first moments after an intrusion has been detected.”

The API, which is available as an add-on option, enables a secure connection between a client’s cyber platform (e.g., Demisto, Phantom, etc.) and AD Enterprise. If the cybersecurity software detects an attack, it sends an alert that is received by AD Enterprise, which initiates a collection job at a designated endpoint. This saves precious time in the initial stages of the incident response by preserving data relating to the root cause of the breach.

“The new AccessData release contains a critical API option that will allow our team to integrate our SIEM platform with our forensic platform,” said Scott Sattler, forensic consultant from “This capability enables us to perform automated response to events detected with SIEM platforms, such as Arcsight or Splunk. This feature will save about 40 minutes of analyst time per incident. The API integration with our SIEM is an important force-multiplier for our existing staff by leveraging the power of automation.”

Other new features built into AD Enterprise 7.1 include parsing support for APFS (Apple File System), added encryption support for Dell Data Centric and Full Disk Encryption, Python scripting enhancements and nine new parsers for mobile data analysis.

“AD Enterprise is the only solution in the marketplace that can perform comprehensive end-to-end post-breach forensic investigations within a single tool by collecting all sorts of complex data types directly at the endpoint, performing memory analysis and executing targeted collections on any file attribute,” said Ewasko.

For more information about the AD Enterprise 7.1 enhancements, please click here.

Get The Latest DFIR News

Join the Forensic Focus newsletter for the best DFIR articles in your inbox every month.

Unsubscribe any time. We respect your privacy - read our privacy policy.

FTK and AD Lab

AccessData also rolled out new versions of its FTK and AD Lab software products, the company’s digital forensics tools for law enforcement agencies and public sector investigative teams. FTK (Forensic Toolkit®) is a court-cited digital investigations software tool built to help customers find relevant evidence faster, dramatically increase analysis speed and reduce backlogs. AD Lab is a large-scale investigations and processing engine that enables computer forensics labs of all sizes to provide their teams with collaborative analysis, centralized case management and web-based review, thereby dramatically streamlining the investigative process.

FTK 7.1 and AD Lab 7.1 both include new features for image recognition and facial recognition, which allow investigators to train the software to find objects within images. So instead of looking through each image or a large panel of thumbnail images, the software can now rely on machine learning to surface specific individuals.

“The new versions of FTK and AD Lab leverage the power of machine learning technology and image recognition software to more quickly find similar images across various data sets, which saves substantial time during an investigation,” said Ewasko. “Moreover, enhanced mobile analysis capabilities added to both products means that investigators don’t need to waste time toggling between tools. Now all mobile data analysis can be performed in a single trusted solution.”

Other new features developed for FTK 7.1 and AD Lab 7.1 include full API support that enables users to integrate the tools with other software systems (e.g., case management, e-discovery, etc.) and allows for easier transfer of data in the JSON format, as well as new load file templates.

For more information about the FTK 7.1 and AD Lab 7.1 enhancements, please click here.

About AccessData®

Whether it’s for investigation, litigation or compliance, AccessData® offers industry-leading solutions that put the power of forensics in your hands. For more than 30 years, AccessData has worked with more than 130,000 customers in law enforcement, government agencies, corporations and law firms around the world, providing both stand-alone and enterprise-class solutions that can synergistically work together. The company is backed by Sorenson Capital, a leading private equity firm focused on high-growth portfolios. For more information on AccessData, please go to

Leave a Comment

Latest Videos

This error message is only visible to WordPress admins

Important: No API Key Entered.

Many features are not available without adding an API Key. Please go to the YouTube Feeds settings page to add an API key after following these instructions.

Latest Articles