Introducing a New Era in Digital Forensic Investigations…

Investigators today need much more than a disparate bag of tools to get the job done. Case loads and case complexity are increasing at an explosive rate, due to legal requirements, e-discovery demands, technically savvy criminals, increasing data sets and a slew of other factors. In addition, there are a number of non-forensic players in an investigation who must review the case data in a timely manner, including Human Resources representatives, legal departments, members of the District Attorney’s office and so on.

The landscape has changed in such a way that a simple computer forensic tool just doesn’t cut it anymore. The practice of juggling products to achieve the level of analysis required, then hand-delivering case data for review, does not scale to meet the demands of an ever-growing case load. This is why AccessData has designed a suite of forensic investigation technologies that fit together seamlessly, wrapped in a single, easy-to-use interface. By integrating capabilities such as mobile phone analysis, distributed processing, division of labor and web-based task management into the Forensic Toolkit platform, you can work more cases faster.

Simply choose the enhanced capabilities you need, and build the solution that’s right for your organization. Over time, if your needs grow, you can build on to your existing components to stay ahead of the curve. The technologies discussed herein are the most stable, most integrated and most flexible forensic solution available, delivering the power to handle the largest data sets with speed, accuracy and efficiency. The result is a more effective investigative process that saves you time… and ultimately, money.

Forensic Toolkit®

A Foundation Built for Speed, Analytics and Enterprise-class Scalability…

Forensic Toolkit (FTK) enables a new approach to digital investigations with enterprise-class architecture and an embedded database that scales massively to handle the largest data sets and caseloads. Every copy of FTK 4 comes with a total of 4 workers (1 worker on the examiner machine and 3 distributed workers) to enable distributed processing and dramatically reduce processing and indexing time. Unlike other solutions, its database-driven, compartmentalized architecture virtually eliminates the crashing and lost work associated with memory-based technology. It includes AccessData’s cutting-edge cracking and decryption technology, and delivers some of the most advanced features available in computer forensics solutions today. Furthermore, this leading forensic platform lays the framework for seamless expansion, so your solution can grow with your organization’s needs.

Mobile Phone Examiner Plus MPE+

MPE+ is a stand-alone mobile forensics software solution that is also available on a preconfigured touch-screen tablet for on-scene mobile forensics triage. Mobile Phone Examiner Plus®-created images integrate seamlessly with Forensic Toolkit® (FTK®) computer forensics software, allowing you to correlate evidence from multiple mobile devices with evidence from multiple computers within a single interface.

In addition, MPE+ is the only mobile forensics solution designed to facilitate mobile device discovery for litigation support personnel addressing e-discovery requirements. The interface is the most intuitive on the market and includes visualization tools that allow you to easily see communications relationships among contacts, as well as graphical interpretation of timeline data. An intuitive interface, advanced analysis, easy export and robust reporting make MPE+ the tool of choice for e-discovery practitioners.

AD Lab

Forensically process a Terabyte of complex data in 12 Hours!

AccessData® enables computer forensics labs of all sizes, facing an array of challenges, to work more effectively. A single-person lab can radically speed up the processing of cases with the four-worker distributed processing available with FTK®. However, labs handling massive data sets, utilizing a distributed workforce, or looking to collaborate with attorneys, HR personnel or other non-forensic parties can step up to AccessData Lab. AD Lab adds powerful and intuitive web-based review functionality, expanded distributed processing capabilities with a centralized processing farm, and a centralized database infrastructure. This allows collaborative analysis among multiple forensic examiners, real-time task and case management, and secure, web-based collaboration with parties outside the lab. Regardless of the size, scope or mission of your computer forensics lab, AccessData has a solution that will meet your needs.

AD Enterprise

AccessData® Enterprise takes network-enabled digital investigations to the next level. Built on our industry-standard, court-accepted Forensic Toolkit® technology, AD Enterprise delivers state-of-the-art incident response and deep dive analysis of both volatile and static data. An intuitive incident response console, secure batch remediation, unsurpassed searching and filtering, and comprehensive logging and reporting are just a few of the reasons AD Enterprise is the investigative tool of choice among government agencies and Fortune 500 companies.

The ability to forensically analyze multiple computers across your enterprise simultaneously is critical when performing root cause analysis and internal investigations. Furthermore, proactive use of this technology allows you to detect threats that have circumvented the typical signature-based tools, such as antivirus, intrusion detection and other alerting systems.

Proactively or reactively scan thousands of computers to identify rogue processes (even those that are hidden) and anomalous activity. Analyze the compromise to understand how it operates, conduct a network-wide compromise assessment to identify all affected nodes, and remediate all compromised computers from a central location.

SilentRunner Mobile

When investigating a crime, security incident or malicious employee activity, investigators and analysts know they should leave no stone unturned. Yet, it is impossible to get the whole picture when using only a stand-alone forensic tool. SilentRunner Sentinel operates like a surveillance camera, passively monitoring real-time network activity and delivering dynamic, graphical visualization of communication flows. This allows you to swiftly uncover break-in attempts, weaknesses, abnormal usage, policy violations, misuse and anomalies. Furthermore, Sentinel can play back events from thousands of communications, enabling you to validate and deeply analyze criminal activity, system threats and security breaches. This level of visibility greatly enhances your ability to identify offenders and track their activity, determine root cause, and mitigate the recurrence of a security incident. With appliance-based collectors, pre-loaded on Dell R900 servers, SilentRunner Sentinel is now a plug and play solution, with easy deployment and configuration.

AD Triage

AD Triage is an easy-to-use forensically sound triage tool for the on-scene preview and acquisition of computers that are live or have been shut down. Built on FTK technology, AD Triage is ideal for users who are inexperienced with computer forensics software, but need to preserve evidence in the field. Now, forensic examiners and non-forensic personnel alike can acquire volatile and all or targeted hard drive data from a system in just minutes. It’s a great option for corporate and government teams who often need to acquire data from live or dead boxes for internal investigations, FOIA or even subpoenas. Law enforcement officers can preserve evidence securely without having to wait hours for a forensics expert to arrive on scene. Finally, attorneys, paralegals and litigation support personnel can easily preserve ESI for the purposes of e-discovery when handling smaller legal matters.

Using AD Triage you can preview the file system and target data by criteria, including keyword(s), hash, regular expression, file size, date and time, extensions, file path and illicit images. In addition, users can collect network and system information, as well as live memory. It allows you to acquire the full disk, a volume, or peripheral devices, saving data to a USB device, an external hard drive or exporting the data to a designated location on the same network. You can preconfigure your AD Triage device to automatically acquire only the data you’ve selected, allowing inexperienced users to safely and effectively use the tool. Or experienced forensic examiners can use AD Triage in manual mode for true triage at the scene.

Contact André Naudé on +27 (0)72 119 8319 or for further information on AccessData products and available training.
