Building a Computer Forensics Lab

                      Ultimate Toolkit

We are mainly an EnCase shop here, but I managed to convince the supervisor to spend a little more for AccessData's Ultimate Toolkit (UTK). They bought UTK with the AccessData Bootcamp training for one of their investigators to attend. The reason I am excited is that we are currently working on a case that requires extensive searches using many keywords. Yes, EnCase has a new index function in its current version. However, we have not gotten it to work properly yet. It also requires us to use conditions to find the terms we want. FTK's index feature is much easier to use. Index the case, and use the search box. It works as expected. Hopefully, it arrives soon so that I can show them how to use it. UTK also includes Password Recovery Toolkit (PRTK), Registry Viewer, and Distributed Network Attack (DNA). PRTK is a powerful tool for decrypting password-protected files using different schemes, from a dictionary attack to a brute-force attack. DNA is similar to PRTK, but allows multiple computers to work together to decrypt the encrypted files. Registry Viewer provides an easy way to decode data in the Windows registry.