Thursday, October 29, 2009

FTK 3.01 and IEF

I realize that there are many who are still sore over the troubles with v2.0 of FTK. But I've been using v3.01 (x64) for a few weeks now, and I'm quite impressed. While there are a few nagging issues that continue to annoy me (lack of ability to use "sweeping bookmarks"), the product seems to have integrated several other features that make up for these small annoyances. First of all, it's MUCH faster. Remember trying to sort a column in v1.8x - no more! The time to sort a column, remove checkmarks, load images... everything seems to move much faster. I like the integration of Registry reporting, indexed search results and the flexible reporting options. The carving and sorting of files into various categories is impressive. If only you could find a way to make it easier for an investigator to go through thousands of HTML pages in search of emails, banking artifacts, etc!

Admittedly, I installed FTK onto a new clean machine, but colleagues in our office have upgraded from v2.0x and are also seeing similar advantages.

My suggestion to AccessData - more research and whitepapers, i.e. Vista Registry, more information on using FTK for Mac analysis, etc.

Overall, very impressed by these significant upgrades and improvements.


Also, take a look at Jad's site. He's been busy working on his program, Internet Evidence Finder, and has made some significant improvements - now up to v2.07. A quick poll at our last office meeting - over 1/2 of our investigators are using his product. Keep it coming, Jad - much appreciated!
