FTK® (Forensic Tool Kit) now gives you a clearer picture of Windows® System Information data by parsing even more registry events, including SRUM data and Amcache files.
Track a user’s every move with a timeline of their actions and geolocations, presented in an easy-to-read, interactive and reportable Windows System Information tab.
As a forensic investigator, ever wish you could quietly sit over the shoulder of the user whose computer you’re investigating?
Wouldn’t it be easier to just watch them as they click, type, search, open programs, and surf the net?
You could see exactly what they were up to, in plain sight.
With FTK 7.4.2, you can get a little bit closer to becoming that real-time observer of an endpoint user. With our Enhanced Windows System Information feature, FTK now parses even more system data, giving you a clear timeline of the user’s actions and geolocations, and insight into what searches they performed, what programs they opened, and where they were at the time.
FTK eliminates the need to manually comb through the registry files, giving you a much faster head start in your investigations. And to make things even faster, you can now create bookmarks and labels, enabling you to quickly search and filter Windows system information, and create meaningful reports from it.
View the entire system activity of the computer you’re investigating, all in one place with an easy view, without having to manually dig through the registry files to find it.
Easily determine what devices were connected to the computer in question, view the files that were downloaded off the internet onto the machine, and see which files were recently accessed.
Track the geographical path of an employee who was traveling for work. FTK can determine when the user was in certain time zones.
When a phishing email delivering malware is sent to a user, you can determine whether the user clicked on it, whether the malware ran successfully, and whether the email was forwarded to any other users.
See what external devices may have been connected to the machine—such as a hard drive or a cell phone—and if you’re lucky, you might even just find a cell phone backup file!
In a suspected data theft or exfiltration scenario, FTK’s Enhanced Windows System Information tab will show you if an employee downloaded a large amount of data from the network/intranet just before leaving the company, and exactly where they were when they did it.
Determine whether a ‘bad actor’ tried to introduce a malicious virus or install malware on the network and whether they tried to cover their tracks by deleting or uninstalling an application afterward.