As a reader already announced in a comment on this post, AccessData has released version 1.80 of the ForensicToolKit (FTK). After the really modest success of version 2, the vendor apparently felt compelled to follow up on the 1.x line once more. The Registry Viewer has also been updated, to version 1.5.2. This version is required if automatic registry reports are to be generated during case processing. The following new features were added in version 1.80:
Excerpt from the release notes
More Powerful Analysis
- Auto identification and categorization of more file types, including selected types of MP4, M4V and AVI video files
- Office 2007 support
- Enhanced carving
- Improved PNG carving
- Improved BMP carving
- Better performance when adding carved items to a case
- You can now change the index granularity for all manually filtered files
- Improved DBX parsing
- New web email container in the email tab (supports Yahoo and Hotmail)
Easier Searching, Filtering & Exporting
- Select multiple indexed search terms and search on each of those individually with a Single click of the View Item Results button
- New Checkmarked Items filter
- Files can be exported in their original binary format, interpreted HTML view (if available), and as filtered text
- Enhanced Recursive File Export allows you to completely rebuild the original folder structure from the root of the image down to the selected file or folder, including the descendants of that selection
Enhanced Reporting
- Automatically generate common registry reports during processing
- When bookmarking and exporting email attachments in a report, a link to the parent email can be automatically generated
- Add a parent email to the bookmark as a distinct file, ensuring all attachments are included in your report
- Option in the Preferences window to automatically back up case after processing
- In addition to exporting files in their interpreted HTML view they will also be exported in their original binary format
- In addition to the original file name, a file with a missing or bad extension now includes the correct extension with a link to that file in the report
I always thought the thing was called "ForensicToolKit"?
@Ben
Sure. That's right, of course. Somehow my IT security past caught up with me there. 😉
Thanks for pointing it out.