AccessData

Industry: Cyber Security
Founded: 1987
Founder: Eric Thompson
Defunct: December 2020
Parent: Exterro

AccessData was a software development company that developed Forensic Toolkit (FTK) and FTK Imager until it was acquired by Exterro. It had over 130,000 customers in law enforcement, private companies, and government agencies. [1]

History

AccessData was founded in 1987 by Eric Thompson. [2] [3]

On 1 January 2015, AccessData split into two companies. [4] The first company retained the name and digital forensics products whilst the second company, Resolution1 Security, split to focus on cyber incident response products. [5] [6] On 15 May 2015, AccessData announced that the sale of Resolution1 Security had been completed. [7]

In December 2020, AccessData was acquired by Exterro. [8] It was reported that Exterro paid over $100 million USD to purchase the company. [9]

Products

Forensic Toolkit (FTK)

Forensic Toolkit, or FTK, is computer forensics software that scans a hard drive looking for various information. [10] It is a well-known and widely used piece of software amongst those working in digital forensics. [11] It can, for example, locate deleted emails [12] and scan disks for strings to use them as a password dictionary to crack encryption or hashes. [13] AccessData also created a similar tool called AD Lab. [14]

FTK Imager

FTK Imager is a tool that saves an image of a hard disk in one file or in segments that can later be reconstructed. It calculates MD5 and SHA1 hash values and can verify that the imaged data is consistent with the created forensic image. The forensic image can be saved in several formats, including DD/raw, E01, and AD1. [15] FTK Imager can be used to create hard disk images for later use in Forensic Toolkit. [16]
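The integrity check described above can be reproduced independently of the tool for a segmented DD/raw image. The following is an added example, not AccessData or Exterro code: it streams the segments in order through MD5 and SHA-1 and compares the result with the digests recorded at acquisition. The segment naming (`evidence.001`, `evidence.002`, ...) and the sample data are assumptions made for illustration; E01 and AD1 are container formats, so hashing their files this way does not reproduce the hash of the source data.

```python
import hashlib
import os
import tempfile

def ordered_segments(directory, base):
    """Return base.001, base.002, ... in numeric order; refuse gaps."""
    found = {}
    for name in os.listdir(directory):
        stem, _, ext = name.rpartition(".")
        if stem == base and ext.isdigit():
            found[int(ext)] = os.path.join(directory, name)
    if not found or sorted(found) != list(range(1, len(found) + 1)):
        raise ValueError("segments missing or not numbered 001..N without gaps")
    return [found[i] for i in sorted(found)]

def hash_segments(paths, chunk_size=1 << 20):
    """Stream the segments through MD5 and SHA-1 as one continuous image."""
    md5, sha1 = hashlib.md5(), hashlib.sha1()
    for path in paths:
        with open(path, "rb") as fh:
            while chunk := fh.read(chunk_size):
                md5.update(chunk)
                sha1.update(chunk)
    return md5.hexdigest(), sha1.hexdigest()

def verify_image(directory, base, expected_md5, expected_sha1):
    """Compare recomputed digests with the ones recorded at acquisition."""
    md5, sha1 = hash_segments(ordered_segments(directory, base))
    return {"md5": md5 == expected_md5.lower(),
            "sha1": sha1 == expected_sha1.lower()}

def demo():
    source = bytes(range(256)) * 64          # constructed 16 KiB "disk"
    recorded = hashlib.md5(source).hexdigest(), hashlib.sha1(source).hexdigest()
    with tempfile.TemporaryDirectory() as d:
        for i in range(4):                   # write four 4 KiB segments
            with open(os.path.join(d, f"evidence.{i + 1:03d}"), "wb") as fh:
                fh.write(source[i * 4096:(i + 1) * 4096])
        intact = verify_image(d, "evidence", *recorded)
        with open(os.path.join(d, "evidence.003"), "r+b") as fh:
            fh.seek(10)
            fh.write(b"\xff")                # simulate one altered byte
        altered = verify_image(d, "evidence", *recorded)
    return intact, altered

if __name__ == "__main__":
    print(demo())
```

A missing or misnumbered segment raises an error instead of producing a digest, because hashing an incomplete set would silently yield a value that merely fails to match.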

Related Research Articles

Password: Text used for user authentication to prove identity

A password, sometimes called a passcode, is secret data, typically a string of characters, usually used to confirm a user's identity. Traditionally, passwords were expected to be memorized, but the large number of password-protected services that a typical individual accesses can make memorization of unique passwords for each service impractical. Using the terminology of the NIST Digital Identity Guidelines, the secret is held by a party called the claimant while the party verifying the identity of the claimant is called the verifier. When the claimant successfully demonstrates knowledge of the password to the verifier through an established authentication protocol, the verifier is able to infer the claimant's identity.

A disk image is a snapshot of a storage device's structure and data typically stored in one or more computer files on another storage device.

A rootkit is a collection of computer software, typically malicious, designed to enable access to a computer or an area of its software that is not otherwise allowed and often masks its existence or the existence of other software. The term rootkit is a compound of "root" and the word "kit". The term "rootkit" has negative connotations through its association with malware.

Computer forensics: Branch of digital forensic science

Computer forensics is a branch of digital forensic science pertaining to evidence found in computers and digital storage media. The goal of computer forensics is to examine digital media in a forensically sound manner with the aim of identifying, preserving, recovering, analyzing, and presenting facts and opinions about the digital information.

In computing, data recovery is a process of retrieving deleted, inaccessible, lost, corrupted, damaged, or formatted data from secondary storage, removable media or files, when the data stored in them cannot be accessed in a usual way. The data is most often salvaged from storage media such as internal or external hard disk drives (HDDs), solid-state drives (SSDs), USB flash drives, magnetic tapes, CDs, DVDs, RAID subsystems, and other electronic devices. Recovery may be required due to physical damage to the storage devices or logical damage to the file system that prevents it from being mounted by the host operating system (OS).

Digital forensics: Branch of forensic science

Digital forensics is a branch of forensic science encompassing the recovery, investigation, examination, and analysis of material found in digital devices, often in relation to mobile devices and computer crime. The term "digital forensics" was originally used as a synonym for computer forensics but has expanded to cover investigation of all devices capable of storing digital data. With roots in the personal computing revolution of the late 1970s and early 1980s, the discipline evolved in a haphazard manner during the 1990s, and it was not until the early 21st century that national policies emerged.

Acronis True Image is a proprietary backup, imaging, cloning and cybersecurity suite developed by Acronis International GmbH. It can back up files and data, clone storage media, and protect the system from ransomware. In 2021, the product was renamed to Acronis Cyber Protect Home Office before being renamed back to True Image in 2024.

The Sleuth Kit

The Sleuth Kit (TSK) is a library and collection of Unix- and Windows-based utilities for extracting data from disk drives and other storage so as to facilitate the forensic analysis of computer systems. It forms the foundation for Autopsy, a better known tool that is essentially a graphical user interface to the command line utilities bundled with The Sleuth Kit.

IsoBuster: Data recovery software

IsoBuster is a data recovery computer program by Smart Projects, a Belgian company founded in 1995 by Peter Van Hove. As of version 3.0, it can recover data from damaged file systems or physically damaged disks including optical discs, hard disk drives, USB flash drives and solid-state disks. It has the ability to access "deleted" data on multisession optical discs, and allows users to access disc images and to extract files in the same way that they would from a ZIP archive. IsoBuster is also often used by law enforcement and data forensics experts.

Disk encryption is a technology which protects information by converting it into code that cannot be deciphered easily by unauthorized people or processes. Disk encryption uses disk encryption software or hardware to encrypt every bit of data that goes on a disk or disk volume. It is used to prevent unauthorized access to data storage.

The host protected area (HPA) is an area of a hard drive or solid-state drive that is not normally visible to an operating system. It was first introduced in the ATA-4 standard CXV (T13) in 2001.

Anti–computer forensics or counter-forensics are techniques used to obstruct forensic analysis.

Private Disk

Private Disk is a disk encryption application for the Microsoft Windows operating system, developed by Dekart SRL. It works by creating a virtual drive, the contents of which are encrypted on-the-fly; other software can use the drive as if it were a usual one.

Device configuration overlay (DCO) is a hidden area on many of today's hard disk drives (HDDs). Usually when information is stored in either the DCO or host protected area (HPA), it is not accessible by the BIOS, OS, or the user. However, certain tools can be used to modify the HPA or DCO. The system uses the IDENTIFY_DEVICE command to determine the supported features of a given hard drive, but the DCO can report to this command that supported features are nonexistent or that the drive is smaller than it actually is. To determine the actual size and features of a disk, the DEVICE_CONFIGURATION_IDENTIFY command is used, and the output of this command can be compared to the output of IDENTIFY_DEVICE to see if a DCO is present on a given hard drive. Most major tools will remove the DCO in order to fully image a hard drive, using the DEVICE_CONFIGURATION_RESET command. This permanently alters the disk, unlike with the host protected area (HPA), which can be temporarily removed for a power cycle.

EnCase: Software developed by Guidance Software

EnCase is the shared technology within a suite of digital investigations products by Guidance Software. The software comes in several products designed for forensic, cyber security, security analytics, and e-discovery use. EnCase is traditionally used in forensics to recover evidence from seized hard drives. It allows the investigator to conduct in-depth analysis of user files to collect evidence such as documents, pictures, internet history and Windows Registry information.

Forensic Toolkit, or FTK, is computer forensics software originally developed by AccessData, and now owned and actively developed by Exterro. It scans a hard drive looking for various information. It can, for example, potentially locate deleted emails and scan a disk for text strings to use them as a password dictionary to crack encryption.

Mobile device forensics: Recovery of evidence from mobile devices

Mobile device forensics is a branch of digital forensics relating to recovery of digital evidence or data from a mobile device under forensically sound conditions. The phrase mobile device usually refers to mobile phones; however, it can also relate to any digital device that has both internal memory and communication ability, including PDA devices, GPS devices and tablet computers.

Digital forensic process

The digital forensic process is a recognized scientific and forensic process used in digital forensics investigations. Forensics researcher Eoghan Casey defines it as a number of steps from the original incident alert through to reporting of findings. The process is predominantly used in computer and mobile forensic investigations and consists of three steps: acquisition, analysis and reporting.

WinHex is a commercial disk editor and universal hexadecimal editor used for data recovery and digital forensics. WinHex's users include academic and forensic practitioners, the Oak Ridge National Laboratory, Hewlett-Packard, National Semiconductor, law enforcement agencies, and other companies with data recovery and protection needs.

Kali Linux: Debian-based Linux distribution for penetration testing

Kali Linux is a Linux distribution designed for digital forensics and penetration testing. It is maintained and funded by Offensive Security. The software is based on the Debian Testing branch: most packages Kali uses are imported from the Debian repositories. The tagline of Kali Linux and BackTrack is "The quieter you become, the more you are able to hear", which is displayed on some backgrounds.

References

  1. "AccessData - Cybil Portal". cybilportal.org. Retrieved 2024-06-16.
  2. Thompson, Eric. "Eric Thompson I Cyber Risk I Kroll". Kroll. Retrieved 2024-08-18.
  3. "Exterro Acquires AccessData In Nine-Figure Deal, Expanding Its Platform And Setting Stage For Possible IPO | LawSites". www.lawnext.com. 2020-12-03. Retrieved 2024-08-18.
  4. Robinson, Teri (2014-11-03). "AccessData to split in two, creates Resolution1". SC Media. Retrieved 2024-08-18.
  5. "AccessData to split into two companies - Edge Middle East". 2014-11-04. Retrieved 2024-08-18.
  6. "AccessData Group to split". Intelligent CIO Middle East. Retrieved 2024-08-18.
  7. AccessData (2015-05-14). "AccessData Group Announces Sale of Resolution1 Security Business to Fidelis Cybersecurity". GlobeNewswire News Room. Retrieved 2024-08-18.
  8. "Exterro Acquires AccessData to Form the Leading Enterprise Legal GRC…". Exterro. Retrieved 2024-04-28.
  9. artificiallawyer (2020-12-03). "Exterro Buys AccessData in $100m-plus Deal, As Consolidation Continues". Artificial Lawyer. Retrieved 2024-08-18.
  10. Schneier, Bruce (2007-11-01). "Secure Passwords Keep You Safer". Wired. p. 3. Retrieved 2009-01-12.
  11. Staff, S. C. (2016-10-03). "AccessData Forensic Toolkit (FTK)". SC Media. Retrieved 2024-11-13.
  12. Dixon, Phillip D. (December 2005). "An overview of computer forensics" (PDF). IEEE Potentials. 24 (5). IEEE: 8. doi:10.1109/mp.2005.1594001. ISSN 0278-6648. S2CID 25462454. Archived from the original (PDF) on 2016-03-03. Retrieved 2009-01-12.
  13. Casey, Eoghan (Fall 2002). "Practical Approaches to Recovering Encrypted Digital Evidence" (PDF). International Journal of Digital Evidence. 1 (3). Utica, New York: Economic Crime Institute, Utica College: 12. ISSN 1938-0917. Archived from the original (PDF) on 2013-11-02. Retrieved 2009-01-12.
  14. "AccessData Releases Powerful New Versions of AD Lab and FTK Digital Forensics Software Tools". Financial IT. Retrieved 2024-08-18.
  15. "FTK Imager User Guide v4.3.0" (PDF). January 28, 2020. Archived from the original (PDF) on 2021-04-19. Retrieved 2020-10-08.
  16. "Windows Drive Acquisition". Packt. Retrieved 2024-11-13.