While I was trying to tune FTK 2.0 to my needs I came upon some settings that might affect the security of your lab. I filed a ticket with AccessData's support team and told them about my observations. They reacted promptly and announced to fix the issues with the upcoming release. Now, after FTK version 2.0.2 has been released to the public, it's time for me to disclose those issues.
I've just completed another dry-run of FTK 2.0: preprocessing of a 256 MB thumb drive resulted in a full-text index of more than 3 GB and about 200 MB of table space were filled in the Oracle database. However, the whole operation took more than 4 hours! So let's have a closer look at the process and see what exactly is so time consuming.
While I was creating my first case with brand-new FTK 2.0, the program suddenly ceased to work. But much to my surprise not all of the previous effort was lost.
Recently the new version of AcessData's Forensic Toolkit arrived in the mail. Of course I felt a strong urge to try it out. Here is what I experienced so far.
In a press release AccessData announces that version 2.0 of its Forensic Tool Kit (FTK) will be based on an Oracle database.
This blog is a project of
Andreas Schuster
Im Äuelchen 45
D-53177 Bonn
Germany
impressum@forensikblog.de
Copyright © 2005-2010 by
Andreas Schuster
All rights reserved.