Reviewed by Scar de Courcier, Forensic Focus
On the 11th-13th of August 2015, AccessData ran a live online training course to teach FTK users how to get the most out of the software solution. The course was aimed at people who had already used FTK and completed some basic training beforehand, and aimed to expand investigators’ knowledge of the tool.
The training itself was managed by Syntricate which, although technically a part of AccessData, was created to offer training and education for digital forensics professionals. Syntricate aims to be as platform-agnostic as possible during training courses and provides a range of training options with many of the well-known digital forensics companies.
Course Structure
Before the course began, all students were sent a manual which we worked through each day. This was useful as it gave an overview of what would be included in the course before it started, making it easier to prepare. It is also worth noting that the Advanced FTK handbook is smaller in size than those included with some other training courses, making it portable and easier to handle.
Although the course was designed for people who are already familiar with FTK, the instructor still took the time to go over some of the basic components of the tool and briefly discuss its strengths. This was helpful as it allowed attendees who had not recently used FTK to refresh their memory.
The ‘Chat’ function was used extensively throughout the course, beginning on the first day with a round of introductions. This was a nice touch as it helped everyone to get to know each other, and allowed the instructor to better understand his audience. Participants were encouraged to ask questions at any time, and many people made use of this functionality.
The instruction proper began with an in-depth study of the case setup functionality. Whilst setting up a case is covered in the basic training, the advanced course allowed all the different options to be explained for each element of setup, and encouraged further customisation of features.
At the end of each section there was an instructor-led lab, in which participants were encouraged to do for themselves the things that had just been demonstrated. This was useful as it allowed for some practical training and ensured that attendees had properly understood the preceding sections.
The course then moved on through a range of evidence processing tools, including explicit image detection, filtering results and examining prefetch files. At the end of each chapter in the textbook is a page of review questions, which were not gone over during the actual course itself as it would not have been practical online, but these will no doubt prove useful for anyone wishing to brush up their knowledge or check their understanding at a later date.
A bonus section was the one devoted to Cerberus, an automated reverse engineering tool and malware triage platform which could probably have taken up a whole day’s training time on its own. The instructor talked us through how Cerberus works, how it scores various threats, and how to run a Cerberus analysis.
The visualization module was particularly interesting as it demonstrated the various ways in which reports can be laid out for client view. Each element was explained in depth, and we were then shown how to identify common patterns and document results for ongoing analysis.
Evaluation
The FTK Advanced course was excellent. The Live Online Training worked well and is a recommended option for anyone based outside of the areas where in-person training is currently offered. I felt no disadvantages from not being physically present in a classroom; everything ran smoothly throughout the week and if anything it was easier to move at a reasonable pace when at my own computer.
Todd, the instructor, was friendly and encouraging, and continually demonstrated a willingness to help participants stay up to speed. He spoke slowly and clearly, went over aspects that people marked as less clear, and took the time to make sure that everyone was caught up before moving on to a new section.
The textbook is a useful repository of information and I expect to use it to refresh my knowledge and test myself in the future. There is also a practice exercise at the end of the book for students who want to try out some of the techniques they learned throughout the course.
Overall, my experience with AccessData’s FTK Advanced Live Online Training was very positive. By the end of the course I felt confident that I could use FTK better than I had previously, and that I understood more about how it works and the options presented for investigators.