Forensics_6_0_RN FTK 6 0 RN
2015-10-27
: Pdf Ftk 6 0 Rn FTK_6_0_RN 6.0
Open the PDF directly: View PDF .
Page Count: 7
Download | |
Open PDF In Browser | View PDF |
AccessData Forensic Toolkit 6.0 Release Notes Document Date: 10/27/2015 ©2015 AccessData Group, Inc. All rights reserved Introduction This document lists the new features, fixed issues, and known issues for this version of Forensic Toolkit® (FTK®). All known issues published under previous release notes still apply until they are listed under “Fixed Issues.” Supported Platforms For a list of supported platforms for FTK see the following: http://accessdata.com/solutions/digital-forensics/forensic-toolkit-ftk/technical Important: Future versions of FTK will no longer support running on Windows XP. 6.0 New and Improved The following items are new and improved for this release: System Windows 10 Support The application and the agent now support Microsoft Windows 10. Installation All installation files have been signed with SHA-256. Agent New Agent Certificate To ensure you can continue to integrate with third-party applications, a new agent certificate will be issued to all clients current on their subscription. AccessData Forensic Toolkit 6.0 Release Notes | 1 Database When installing a PostgreSQL database, a newer version (9.3.5.42) is now installed. When installing a PostgreSQL database, there is no longer a dialog to choose a method of database optimization. A default setting is now used. New Put each case in its own DB option (MS SQL and PostgreSQL only) To improve performance, when you create new cases, a new database is created for each new case. This feature is enabled by default in the following new option: Database > Put each case in its own DB In addition to improved performance, if you configured the database location to be In the case folder, the database files are located under the case folder. This lets you easily back up a case at the folder level as the case data and the database for the case are all under one case folder. Processing Support for Outlook for Mac (OLM) files Processing will now detect and enumerate exported Outlook for Mac (OLM) data files. Processing Options The Processing Options interface has been enhanced with pre-defined, one-click options. The following built-in processing option buttons are available: Forensic processing (Default) eDiscovery processing Summation processing Basic Field assessment mode Mobile Support Cellebrite® Image Support You can now view Cellebrite files within FTK. Decryption Decrypting Dropbox databases is supported. Internet Artifacts Support has been added for parsing and viewing the following types of data: Skype DropBox Imager An updated version of AccessData Imager (3.4.2) is available. See New AD1 files and Imager 3.4.x on page 6. AccessData Forensic Toolkit 6.0 Release Notes | 2 Examiner Web Viewer FTK® Web Viewer, Powered by Summation® FTK now includes a single license of AccessData Summation. You can conduct case assessment earlier with real-time collaboration. Attorneys or other teams now have instant access to case data as it’s being identified in FTK while incident responders are in the field or performing on-site collections. Multi-Case Search Using the Summation web viewer, you can speed up the searching process by searching across multiple cases instead of one case at a time. Columns The following columns have been added: Microsoft Office document metadata: CreateTime (Content created) EmbeddedComments (PPT files) HiddenColumnsRows (Excel files) HiddenWorkSheets (Excel files) LastPrinted LastSavedTime (Date last saved) RevisionNumber TotalEditingTime (Word and PPT) TrackChanges Adobe files metadata: Meta-data - DateCreated Meta-data - DateModified Mobile Phones Many columns related to Cellebrite support. OCR Graphic This column provides the OCR confidence % score for each file that has been processed with OCR. This column is sortable which helps you determine which files may need to be manually reviewed for keywords. Internet Data Columns for internet data have been grouped into sub-categories to make columns easier to find and identify. New columns have been added for Internet Chat Profile - (Chrome profiles, Skype accounts, and mobile phone user accounts) Offline User Email - (Chrome offline mail database.) Search Terms - (search terms used by internet browsers and mobile phone web searches) AccessData Forensic Toolkit 6.0 Release Notes | 3 Other Various tool tips have been added. Fixed Issues in 6.0 The following issues have been fixed in this release: System Installation/Upgrade/Migration Fixed an error that may occur when installing a distributed processing manager. (32938, 33103) During the Processing Engine installation, when you customize the path to the temporary files, it now carries over to the FTK UI. (27001) Database Updates have been made to improve performance when using a PostgreSQL database. Processing Improved the carving of ZIP files that sometimes caused Additional Analysis jobs to hang. (29824) Performance Performance and stability has been improved in the following areas: Processing Updating between FTK and AccessData Summation. (31583) count numbers in the File List. (30016) Memory usage when scrolling through thumbnails on the Graphics tab. (30068) Multiple users working in the same case. (30725) PostgreSQL database with tens of millions of items. (32035) Examiner Export When exporting decrypted files to an AD1 file, then processing that AD1 file, the files are no longer shown as empty folders or place-holders. (33102) Other AVI files are played properly on the Video tab. (30756) INK files that have Russian characters no longer report “Invalid Shortcut File”. (23447) AccessData Forensic Toolkit 6.0 Release Notes Fixed Issues in 6.0 | 4 Important Information Latest Documentation The User Guide is always being updated. For the latest FTK documentation, go to the following link: http://www.accessdata.com/support/product-downloads/ftk-download-page Installation and upgrade For FTK installation and upgrade instructions, see the FTK Quick Install Guide and the detailed FTK Installation Guide which are available at http://www.accessdata.com/support/product-downloads/ftk-download-page FTK supports Distributed Processing Engines (DPEs). Before installing Distributed Processing, see the Install Guide. Upgrading CodeMeter FTK 5.6.1 and later include an updated version of CodeMeter Runtime Kit (5.21). If this is a new installation of FTK you do not need to do anything and the latest version of CodeMeter is installed. If you are upgrading to FTK 5.6.1, be aware that a security vulnerability has been detected in Codemeter 4.5. However, if you simply upgrade from CodeMeter 4.5 to 5.21, the vulnerability remains. To fix the vulnerability, you must manually uninstall 4.5 before installing 5.21. If you are upgrading to FTK 5.6.1, manually uninstall CodeMeter first and then install FTK 5.6.1 which will install a clean CodeMeter 5.21. Otherwise, after upgrading to FTK 5.6.1, manually uninstall CodeMeter 4.5 and then manually install CodeMeter 5.21. Running PostgreSQL on a Virtual Machine If you run PostgreSQL on a virtual machine with a dynamically allocated virtual hard drive, you must manually stop the PostgreSQL service before rebooting the virtual machine. Otherwise, PostgreSQL will become corrupted. If you run PostgreSQL on a virtual machine with a fixed size virtual hard drive, then PostgreSQL will not become corrupted when rebooting. Recommendations Cerberus writes binaries to the AD Temp folder momentarily in order to perform the malware analysis. Upon completion, it will quickly delete the binary. It is important to ensure that your antivirus is not scanning the AD Temp folder. If the antivirus deletes/quarantines the binary from the temp, Cerberus analysis will not be performed. If you choose to have a case’s database files placed in the case folder, do not move your case folder without first archiving and detaching the case. AccessData Forensic Toolkit 6.0 Release Notes Important Information | 5 New AD1 files and Imager 3.4.x Any AD1 file created by FTK or Summation 6.0 or later can only be opened with Imager 3.4.0 or later. Imager 3.4 can be freely download from the AD website: http://accessdata.com/product-download Using an older version of Imager will result in an “Image detection failed” error. This happens because the AD1 format was enhanced to support forward compatibility between AccessData products. Newer AD1s have a version 4 in the header instead of 3. A hex editor can be used to quickly determine if your AD1 is v3 or v4. AccessData Forensic Toolkit 6.0 Release Notes Important Information | 6 Where to get more information Use the following documentation resources to learn more about this product. Each document is available in PDF format in the download ISO file. The User Guide is also available through the Help menu in FTK. The latest version of each document is available in the Product Release pane on the FTK product download page: http://www.accessdata.com/support/product-downloads/ftk-download-page Document Description Quick Installation Guide Basic information about how to install and upgrade this and related products. FTK Installation Guide Information about how to install and upgrade this and related products. User Guide Information about how to use this product, including detailed technical information and instructions for performing tasks. Upgrading, Migrating, and Moving Cases Information about upgrading and migrating cases from 4.1 to 4.2, and moving cases from one database to another. Upgrading Cases Information about upgrading cases from 4.1 to 4.2. Migrating Archived Cases Information about upgrading or migrating cases that you have archived in a previous release. KFF Quick Install Guide and KFF installation files For the most current KFF Server and KFF data installation files, as well as the KFF Quick Install Guide, visit the AccessData Product Downloads page: http://www.accessdata.com/support/product-downloads Expand the Known File Filter (KFF) section and then the KFF Server section. Comments? We value all feedback from our customers. Please contact us at support@accessdata.com, or send documentation issues to documentation@accessdata.com. AccessData Forensic Toolkit 6.0 Release Notes Where to get more information | 7
Source Exif Data:
File Type : PDF File Type Extension : pdf MIME Type : application/pdf PDF Version : 1.6 Linearized : Yes Author : bedwards Create Date : 2015:01:29 14:32:52Z Modify Date : 2015:10:27 09:12:02-06:00 XMP Toolkit : Adobe XMP Core 4.2.2-c063 53.352624, 2008/07/30-18:12:18 Creator Tool : FrameMaker 9.0 Metadata Date : 2015:10:27 09:12:02-06:00 Format : application/pdf Title : Forensics_6_0_RN.fm Creator : bedwards Producer : Acrobat Distiller 9.0.0 (Windows) Document ID : uuid:811bd133-0cdb-4d18-96ae-217ee372a9d8 Instance ID : uuid:44201d62-d360-44e8-b945-253e46646aeb Page Mode : UseOutlines Page Count : 7EXIF Metadata provided by EXIF.tools