FTK 2

FTK 2.0 - Installation

Recently the new version of AccessData's Forensic Toolkit arrived in the mail. Of course I felt a strong urge to try it out. Here is what I have experienced so far.

The upgrade arrived in a bare cardboard box. It contains the new USB dongle and a plastic box with 2 DVDs. One DVD contains the new version 2.0 of FTK. On the other one there's version 1.72. This version also requires the new dongle, but it is supposed to operate on the older case files. If all goes wrong you can still transfer your license back and forth between the new and the old dongle and continue to work with version 1.71 or even earlier versions. So AccessData provides for a smooth transition.

The box also contains a few leaflets. They describe the different install options and their respective system requirements. There is no printed manual; instead a PDF version is provided on the install media.

As AccessData announced about one year ago, the new FTK relies on an Oracle 10g database backend. The database ships with FTK. There is no need to buy a separate license. It is possible to install the database either on the same computer as FTK or on a different machine. According to AccessData one can point FTK to an existing database, too.

Starting the installation

I decided to install FTK and Oracle on the same machine. The workstation provides an Intel Core2Quad @2.4 GHz, but only 2 GiB RAM. So it barely satisfies the minimum memory requirement for that configuration; AccessData recommends 4 GiB. Therefore my benchmarks will not be meaningful at all.

The (custom) install offers three software components:

  • FTK 2.0 core software
  • Oracle 10g database backend
  • a hash library for the Known File Filter (KFF)

I chose to install all of them. FTK goes onto the system drive. The database is installed onto a dedicated drive. Seemingly there's no option to put program binaries and the actual data onto different drives (volume mount points may help here). Finally the KFF hash library is imported into the newly created database.

A reboot is required to complete the installation.

I noticed that the files were highly fragmented. Therefore I recommend running defrag on the volume(s) before proceeding.

Transferring the License

The copy protection scheme of FTK 2.0 is based on a CodeMeter USB dongle by Wibu Systems. The old green KEYLOCK device is not supported. Thus you'll have to transfer the license information from the old dongle to your new one. There is a detailed description of all the steps required on one of the leaflets.

Note that an Internet connection will be required during the process. Launch the license manager and plug in the old dongle. Then remove licenses from the old dongle as needed. A web page will pop up and confirm the removal on the spot.

Now remove the old dongle, plug in the new one and let the license manager update its data from the new dongle. Then add new licenses. Again a web page will open and you can select the license(s) to transfer. Surely this is a critical step. But everything went smoothly.

First Run

At this point I expected everything to be ready for a first run. But to my surprise FTK complained about a missing dongle. Fortunately the dongle was fine and another possible reason was given some lines further down in the error message. For some reason the "Access Data - Database Monitor" wasn't running. So I started it and configured it for automatic startup. Now FTK started and greeted me with the "add user" dialog.

Creating the first account

You're now ready to create your first case. But that's a different story, to be continued...

Imprint

This blog is a project of
Andreas Schuster
Im Äuelchen 45
D-53177 Bonn
Germany
impressum@forensikblog.de

Copyright © 2005-2010 by
Andreas Schuster
All rights reserved.