FTK Tool Evaluation Update 2

Current Progress

After receiving our team-generated test data, we plugged our test scenario into Forensic ToolKit. It was intriguing to see what Forensic ToolKit would catch from our generated data.  

Data took a long time to load into FTK, but once it was in the system we could start evaluating processing speed and user friendliness.

In terms of hit processing speed, FTK had a lot of discrepancy which you can see form the table above. The number of hits and analyzed hits per second have a positive correlation, and our graph did not reach hit counts too large for the system to handle. That is why the keyword search for “e” has over 22 thousand analyzed hits per second, by far the highest indexed hits. The system analyzed more data per second based on the initial higher hit count. Moreover, FTK is shown to be a very powerful program as all the wait times were under 5 minutes.

FTK processing is fast and expansive, but in other fields of evaluation it rapidly falls behind.  One of those fields is user friendliness. We encountered a lot of user friendliness problems during our evaluation. FTK would unexpectedly crash or stop responding at least once every time we accessed it. The graphics of this program make the screen incredibly busy and confusing. To a beginner digital investigator, this program would be challenging to use because FTK tutorials are scarce, leaving the investigator on their own to figure out this visually busy program.

FTK’s graphics can be largely excused, because this program is made for functionality, not aesthetic. Lastly, it is important to note that FTK has crashed several times in regular use, usually when trying to do some sort of standard action. When trying to run an index search, for instance, the program will freeze and occasionally crash.  All of these factors put a dent in FTK’s overall user friendliness.

Conclusion

FTK is top performing in data collection but low performing in user friendliness. Our evaluation of FTK is almost complete, and the FTK intern team is currently starting drafts of our final report.

 

To learn more about this and other blogs of the LCDI visit us here: LCDI Blog.

Stay in the loop on our current and upcoming projects and events by following us on Facebook,  Twitter, or Instagram. 

 

More Research Projects
CyberRange Team: Creating The Perfect Sandbox Environment
The Internet of Things Team: An Inside Look
CyberTech: Creating a Safer Internet Through Education