FTK Tool Evaluation Update

Introduction

In our tool eval team, we are researching and evaluating AccessData’s Forensic Toolkit. This program advertises itself as an all encompassing tool for extracting, analyzing, and compiling digital evidence into a readable format that is acceptable for use in a court of law. Our primary goal as first year college intern students is get hands on experience working with a forensic tool.

Current Progress

Over the past month, we spent a significant amount of time familiarizing ourselves with online FTK manuals and tutorials. We felt it was important to understand exactly which functions and features would help digital investigators the most before trying to run data through FTK’s systems. When we felt we were proficient in our knowledge, we set up our virtual machine with support from the LCDI Helpdesk Techs.

More recently, we have been participating in a multi-team effort to generate test data. We knew that we had to make our test data as realistic as possible, representing user computer activities. We plan to sift through the test data in Forensic ToolKit to discern how reliable the program is and the easy of use for new to forensics practitioners.  

We have been documenting our shift-to-shift progress in order to keep a detail record of our progress and notes for future use. We have also created and started maintenance of our twitter handle, @FTKToolEvalLCDI. We have also been researching other aspects of FTK that remain beyond the scope of our knowledge. As new students to digital forensics this part is rather time consuming process; but regardless, we appear to be on track for a timely end to this project.

Conclusion

We have already accomplished a lot, but still have a long way to go. Once we get our data gen back, we can begin benchmark tests and can report with more hard data. Getting everything set up on the virtual machine was a small hurdle that we overcame. We are eager to continue our progress and report back with more concrete data on FTK.

After we complete our research, we plan to compare statistics of multiple digital forensic programs, such as Encase and Autopsy, to FTK. Our hope is to provide an accurate comparison of digital forensic tools for students new to the discipline can have knowledge and preparation in their own ventures.

 

To learn more about this and other blogs of the LCDI visit us here: LCDI Blog.

Stay in the loop on our current and upcoming projects and events by following us on Facebook,  Twitter, or Instagram. 

More Research Projects
CyberRange Team: Creating The Perfect Sandbox Environment
The Internet of Things Team: An Inside Look
CyberTech: Creating a Safer Internet Through Education