The Story of Your (Work) Life: 4 Forensic Data Problems Solved

Joanne Spataro

Oct 16 2015

You have urgent evidence in your hand, and it needs to be reviewed this afternoon. But, your forensic computer lab is full of other examiners reviewing their own evidence or there’s only one case reviewer license on a machine. What’s worse? You finally upload your evidence and, because your case reviewer doesn’t restrict access to non-investigation-related files, accidentally see privileged information that prejudices you and potentially the entire case.

Is this the story of your (work) life? You’re not alone. Many professionals are in the same boat and have shared their stories with us. This year, several investigative professionals got together with us to talk about digital forensics. One tool-oriented examiner said he may not be as tech savvy as more advanced examiners in the group, but he needed his software to work just as seamlessly.

“Considering the workload our office is experiencing, speed of processing and analysis is becoming more vital,” he said. “When I have 20 phones to examine for various cases, digital devices of every sort from our unit’s search warrants, and have to advise our 30 detectives on technical matters, I don’t have time to spare.”

He wasn’t the only one with little time for getting work done. Here are the top four issues we heard from you.

Issue #1: You have all of your evidence with nowhere to go. All computer lab terminals are occupied and you’re too scared to go grab a sandwich while you wait for a computer to become available.

Issue #2: Uh oh, guess that version of a Microsoft Word file that was the potential smoking gun to my case is gone forever. Or is it?

Issue #3: You need to manually click multiple buttons in order to find what you want, but this leaves you to click or unclick unwanted buttons by mistake.

Issue #4: You have an OCR image that needs to be translated into French, but you only have OCR in English.

You are the reason we released FTK 6.0, the enhanced version of Forensic Toolkit® with the ease of use and high tech oomph you need without the fluff. Here are the latest features that solve all four of the issues we heard from you – and then some.

An enhanced web viewer. No more waiting in a computer lab. You’ll be able to conduct early case assessment at the earliest point in your case – as it’s happening – through FTK’s Web Viewer and the backend database it shares with Summation. You’ll get evidence streamed to your team in real-time without waiting days, weeks or even months before the initial evidence is examined. The examiner can even set up custom data views to restrict privileged information like the salaries of employees of a company. You can also search multiple cases in one viewer, speeding up the process by searching across multiple cases instead of one case at a time.

Updated Volume Shadow Copy. Data you thought was long gone is yours to recover thanks to FTK 6.0 and an upgrade in Microsoft. Microsoft began to provide access to the full Volume Shadow Copy in the hard drive of Windows Vista so forensics users could find restore points to recover data. If you type up a Word document and you want to password protect it, Microsoft backs up the unencrypted version of that document, so you may be able to recover it. Volume Shadow Copy is included with FTK 6.0, one of the few products to do so. There’s no need to use a third party product or manually extract information from your computer’s shadow system files.

Easy Button Processing. Instead of manual pre-set processing buttons, FTK 6.0 gives you pre-defined, one-click command options so you can decide whether you’re doing an e-discovery or forensic processing job. There are five pre-set options to refine your evidence by Forensic Processing, Summation Processing, eDiscovery Processing, Basic Assessment, or Field Mode. These pre-set functions eliminate the need to go through each tab selecting and deselecting what you do and don’t want.

OCR that translates into multiple languages. Say bonjour to this updated Optical Character Recognition software that can translate images to text in 34 different languages. OCR is something we’ve been perfecting for awhile. We were the first to bring OCR to forensics tools on a major scale in 2010. With FTK 6.0, it’s easy to index scanned documents, so you won’t miss any important evidence even if it’s in French, Spanish or Telugu.

Ready to take FTK 6.0 out for a test run? Read more about the new release launch here and make sure to check out our World Tour. AccessData is coming to a city near you. Join us on our World Tour, where you can participate in hands-on sessions to see how FTK 6.0 works in your daily life.

Contact us today to learn more about our products and our
approach to improving how you collect, analyze and use data.
Tell Me More