Get a Head Start on Your
Digital Forensic Investigations

FTK® (Forensic Tool Kit) now gives you a clearer picture of Windows® System Information data by parsing even more registry events, including SRUM data and Amcache files.
Track a user’s every move with a timeline of their actions and geolocations, presented in an easy-to-read, interactive and reportable Windows System Information tab. 

As a forensic investigator, ever wish you could quietly sit over the shoulder of the user whose computer you’re investigating? 
Wouldn’t it be easier to just watch them as they click, type, search, open programs, and surf the net?
You could see exactly what they were up to, in plain sight.


Get a Clearer Picture

With FTK 7.4.2, you can get a little bit closer to becoming that real-time observer of an endpoint user. With our Enhanced Windows System Information feature, FTK now parses even more system data, giving you a clear timeline of the user’s actions and geolocations, and insight into what searches they performed, what programs they opened, and where they were at the time. 

FTK eliminates the need to manually comb through the registry files, giving you a much faster head start in your investigations. And to make things even faster, you can now create bookmarks and labels, enabling you to quickly search and filter Windows system information, and create meaningful reports from it.

Take a Deeper Dive:

  • View the entire system activity of the computer you’re investigating, all in one place with an easy view, without having to manually dig through the registry files to find it.

  • Easily determine what devices were connected to the computer in question, view the files that were downloaded off the internet onto the machine, and see which files were recently accessed.

  • Track the geographical path of an employee who was traveling for work. FTK can determine when the user was in certain time zones.

  • When a phishing email delivering malware is sent to a user you can determine if the user clicked on it, whether the malware ran successfully, and if the email was forwarded to any other users.

  • See what external devices may have been connected to the machine—such as a hard drive or a cell phone—and if you’re lucky, you might even just find a cell phone backup file! 

  •  In a suspected data theft or exfiltration scenario, FTK’s enhanced windows system information tab will show you if an employee downloaded a large amount of data from the network/intranet just before leaving the company, and exactly where they were when they did it.

  • Determine whether a ‘bad actor’ tried to introduce a malicious virus or install malware on the network and whether they tried to cover their tracks by deleting or uninstalling an application afterward.

AD Enterprise 7.4.2 was also released and features remote data collection for endpoints outside of the corporate network—users can collect and analyze data from remote Windows® endpoints that are outside the corporate network with no VPN connectivity by using Site Server Integration. Plus, as employees continue to work remotely, organizations are also quickly adopting and relying on cloud tools like Google Drive™ and Microsoft Teams® to stay collaborative, yet they must also be able to collect from these cloud data sources. AD Enterprise is the first forensic collection tool in the industry to offer a suite of data connectors, including from network shares, Microsoft® Exchange, Gmail™, OneDrive®, Google Drive™, SharePoint®, and Microsoft Teams. Learn more or request a demo.



Interested in Learning More or Seeing a Demo?

Complete the form below and let's connect!

*By selecting the email opt in box, you agree to receive email communications from AccessData. You may unsubscribe at any time by visiting the AccessData Preference Center.

More Resources To Check Out!

© Copyright 2021 AccessData