AccessData experts have assisted organizations of all sizes in exposing and investigating a variety of criminal and malicious activities, including the following:
- Financial and other confidential databases being tampered with
- An employee using a company laptop on public Wi-Fi to email confidential information from his web mail
- Confidential and classified data being shared via chat outside the organization
- Sensitive files being copied to removable media
- Incriminating files and emails that have been deleted and even partially overwritten
- Whether a file or entire hard drive had been wiped
- Malicious binaries on a network
- Employees accessing pornographic content
- Employee collusion, uncovered by monitoring network communications and email
- Anomalous spikes in network activity, uncovering after-hours access to sensitive data
- And more…
The analysis capabilities of AccessData technology:
Fastest Forensic Processing
We have clients who can complete comprehensive forensic processing of a terabyte of complex data in 12 hours, using FTK. Although processing speeds are also dependent on the hardware being leveraged, FTK delivers distributed processing, allowing us to divide case load among 4 processing workers. In addition, our Lab solution allows us to expand distributed processing for even greater speed. Our ability to dramatically reduce processing time streamlines your investigation. With this processing power, we can take on a massive investigation with terabytes of acquired evidence and begin analysis faster than any other service provider.
Apple® OS Support
- Process B-Tree attributes for metadata
- PLIST support
- SQLite database support
- Apple DMG and DD_DMG disk image support
- JSON file support
Unsurpassed Memory/Volatile Analysis
- Supports 32-bit and 64-bit Windows® OS
- Comprehensive analysis of volatile data
- Static RAM analysis from an image or against a live system
- Enumerate all running processes, including those hidden by rootkits, and display associated DLLs, network sockets and handles in context.
- Dump a process and associated DLLs for further analysis in third-party tools.
- Memory string search allows you to identify hits in memory and automatically map them back to a given process, DLL or piece of unallocated space and dump the corresponding item.
- FTK 4 now provides VAD tree analysis, exposes registry artifacts in memory, and parses and displays handle information from memory.
Learn more about the capabilities of our digital investigations products, FTK, MPE+ and SilentRunner.